authorQuentin Dufour <quentin@deuxfleurs.fr>2022-08-25 04:39:44 +0200
committerQuentin Dufour <quentin@deuxfleurs.fr>2022-08-25 04:39:44 +0200
commitec0e483d99200bda02547e425fb5d08697f6156a (patch)
tree7d35c9e24d96a2c178a0c4d7322ec7dd124db2b2 /cluster/prod/app/email/build
parentea1b0e9d19d0e1457fa6f6aee593f56d4347ae32 (diff)
Add email support
Diffstat (limited to 'cluster/prod/app/email/build')
-rw-r--r--cluster/prod/app/email/build/alps/Dockerfile20
-rw-r--r--cluster/prod/app/email/build/docker-compose.yml36
-rw-r--r--cluster/prod/app/email/build/dovecot/.gitignore1
-rw-r--r--cluster/prod/app/email/build/dovecot/Dockerfile16
-rw-r--r--cluster/prod/app/email/build/dovecot/README.md18
-rwxr-xr-xcluster/prod/app/email/build/dovecot/entrypoint.sh27
-rw-r--r--cluster/prod/app/email/build/dovecot/legacy/all_before.sieve5
-rw-r--r--cluster/prod/app/email/build/dovecot/legacy/dovecot-ldap.sample.conf8
-rw-r--r--cluster/prod/app/email/build/dovecot/legacy/report-ham.sieve17
-rw-r--r--cluster/prod/app/email/build/dovecot/legacy/report-spam.sieve9
-rw-r--r--cluster/prod/app/email/build/opendkim/Dockerfile9
-rw-r--r--cluster/prod/app/email/build/opendkim/README.md12
-rwxr-xr-xcluster/prod/app/email/build/opendkim/entrypoint8
-rw-r--r--cluster/prod/app/email/build/opendkim/opendkim.conf12
-rw-r--r--cluster/prod/app/email/build/postfix/Dockerfile13
-rw-r--r--cluster/prod/app/email/build/postfix/README.md18
-rwxr-xr-xcluster/prod/app/email/build/postfix/entrypoint.sh31
-rw-r--r--cluster/prod/app/email/build/sogo/Dockerfile17
-rw-r--r--cluster/prod/app/email/build/sogo/README.md20
-rwxr-xr-xcluster/prod/app/email/build/sogo/entrypoint13
-rw-r--r--cluster/prod/app/email/build/sogo/sogo.nginx.conf83
21 files changed, 393 insertions, 0 deletions
diff --git a/cluster/prod/app/email/build/alps/Dockerfile b/cluster/prod/app/email/build/alps/Dockerfile
new file mode 100644
index 0000000..92b1f14
--- /dev/null
+++ b/cluster/prod/app/email/build/alps/Dockerfile
@@ -0,0 +1,20 @@
+FROM golang:1.15.6-buster as builder
+
+ARG VERSION
+
+ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64
+WORKDIR /tmp/alps
+
+RUN git init && \
+ git remote add origin https://git.deuxfleurs.fr/Deuxfleurs/alps.git && \
+ git fetch --depth 1 origin ${VERSION} && \
+ git checkout FETCH_HEAD
+
+RUN go build -a -o /usr/local/bin/alps ./cmd/alps
+
+FROM scratch
+COPY --from=builder /usr/local/bin/alps /alps
+COPY --from=builder /tmp/alps/themes /themes
+COPY --from=builder /tmp/alps/plugins /plugins
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+ENTRYPOINT ["/alps"]
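Review bot: `git fetch --depth 1 origin ${VERSION}` does not fail when the VERSION build argument is missing: `ARG VERSION` has no default, and the unquoted empty expansion drops the argument, so the build appears to check out whatever head the remote offers first. Make the step fail instead, with `git fetch --depth 1 origin "${VERSION:?VERSION must be a full commit hash}"`. The final `scratch` stage also declares no `USER`, so `/alps` runs as uid 0; `USER 65534:65534` before `ENTRYPOINT` would drop that, provided alps only binds an unprivileged port, which this hunk does not show.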
diff --git a/cluster/prod/app/email/build/docker-compose.yml b/cluster/prod/app/email/build/docker-compose.yml
new file mode 100644
index 0000000..0826142
--- /dev/null
+++ b/cluster/prod/app/email/build/docker-compose.yml
@@ -0,0 +1,36 @@
+version: '3.4'
+services:
+
+ # Email
+ sogo:
+ build:
+ context: ./sogo
+ args:
+ # fake for now
+ VERSION: 5.0.0
+ image: superboum/amd64_sogo:v7
+
+ alps:
+ build:
+ context: ./alps
+ args:
+ VERSION: 9bafa64b9d
+ image: superboum/amd64_alps:v1
+
+ dovecot:
+ build:
+ context: ./dovecot
+ image: superboum/amd64_dovecot:v6
+
+ postfix:
+ build:
+ context: ./postfix
+ args:
+ # https://packages.debian.org/fr/buster/postfix
+ VERSION: 3.4.14-0+deb10u1
+ image: superboum/amd64_postfix:v3
+
+ opendkim:
+ build:
+ context: ./opendkim
+ image: superboum/amd64_opendkim:v6
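Review bot: The alps `VERSION: 9bafa64b9d` is an abbreviated commit id, and alps/Dockerfile passes it straight to `git fetch`; whether the server resolves an abbreviated id is not guaranteed, and a short prefix is a weaker pin than the full hash. Use `VERSION: FULL_40_CHAR_COMMIT_HASH` (placeholder; the full id is not on this page). The sogo `VERSION: 5.0.0` is marked fake and sogo/Dockerfile declares no `ARG VERSION`, so it has no effect on what is installed; a comment such as `# not consumed by sogo/Dockerfile, SOGo comes from the nightly apt repository` would say so.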
diff --git a/cluster/prod/app/email/build/dovecot/.gitignore b/cluster/prod/app/email/build/dovecot/.gitignore
new file mode 100644
index 0000000..71a04e2
--- /dev/null
+++ b/cluster/prod/app/email/build/dovecot/.gitignore
@@ -0,0 +1 @@
+dovecot-ldap.conf
diff --git a/cluster/prod/app/email/build/dovecot/Dockerfile b/cluster/prod/app/email/build/dovecot/Dockerfile
new file mode 100644
index 0000000..cd1fd0d
--- /dev/null
+++ b/cluster/prod/app/email/build/dovecot/Dockerfile
@@ -0,0 +1,16 @@
+FROM amd64/debian:bullseye
+
+RUN apt-get update && \
+ apt-get install -y \
+ dovecot-antispam \
+ dovecot-core \
+ dovecot-imapd \
+ dovecot-ldap \
+ dovecot-managesieved \
+ dovecot-sieve \
+ dovecot-lmtpd && \
+ rm -rf /etc/dovecot/*
+RUN useradd mailstore
+COPY entrypoint.sh /usr/local/bin/entrypoint
+
+ENTRYPOINT ["/usr/local/bin/entrypoint"]
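Review bot: The `apt-get install -y` step pulls in recommended packages and leaves the apt lists in the layer, which widens what ships in a mail-facing image; use `apt-get install -y --no-install-recommends` (after checking that nothing required is only a Recommends) and end the same `RUN` with `rm -rf /var/lib/apt/lists/*`. The opendkim, postfix and sogo Dockerfiles in this commit have the same pattern. `RUN useradd mailstore` also leaves the uid to be assigned at build time, while entrypoint.sh chowns the mounted `/var/mail` to that user; a fixed id, `useradd --uid CHOSEN_UID mailstore` (placeholder value), keeps ownership on the shared volume stable across rebuilds.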
diff --git a/cluster/prod/app/email/build/dovecot/README.md b/cluster/prod/app/email/build/dovecot/README.md
new file mode 100644
index 0000000..8c9f372
--- /dev/null
+++ b/cluster/prod/app/email/build/dovecot/README.md
@@ -0,0 +1,18 @@
+```
+sudo docker build -t superboum/amd64_dovecot:v2 .
+```
+
+
+```
+sudo docker run -t -i \
+ -e TLSINFO="/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=www.deuxfleurs.fr" \
+ -p 993:993 \
+ -p 143:143 \
+ -p 24:24 \
+ -p 1337:1337 \
+ -v /mnt/glusterfs/email/ssl:/etc/ssl/ \
+ -v /mnt/glusterfs/email/mail:/var/mail \
+ -v `pwd`/dovecot-ldap.conf:/etc/dovecot/dovecot-ldap.conf \
+ superboum/amd64_dovecot:v1 \
+ dovecot -F
+```
diff --git a/cluster/prod/app/email/build/dovecot/entrypoint.sh b/cluster/prod/app/email/build/dovecot/entrypoint.sh
new file mode 100755
index 0000000..2165d8f
--- /dev/null
+++ b/cluster/prod/app/email/build/dovecot/entrypoint.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+if [[ ! -f /etc/ssl/certs/dovecot.crt || ! -f /etc/ssl/private/dovecot.key ]]; then
+ cd /root
+ openssl req \
+ -new \
+ -newkey rsa:4096 \
+ -days 3650 \
+ -nodes \
+ -x509 \
+ -subj ${TLSINFO} \
+ -keyout dovecot.key \
+ -out dovecot.crt
+
+ mkdir -p /etc/ssl/{certs,private}/
+
+ cp dovecot.crt /etc/ssl/certs/dovecot.crt
+ cp dovecot.key /etc/ssl/private/dovecot.key
+ chmod 400 /etc/ssl/certs/dovecot.crt
+ chmod 400 /etc/ssl/private/dovecot.key
+fi
+
+if [[ $(stat -c '%U' /var/mail/) != "mailstore" ]]; then
+ chown -R mailstore /var/mail
+fi
+
+exec "$@"
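Review bot: The private key is written to `/root/dovecot.key` under the process's default umask and that copy is never removed. Because the script has no `set -e` and `-subj ${TLSINFO}` is unquoted, a missing or space-containing TLSINFO appears to let the script carry on to `exec "$@"` without a usable certificate. Writing the key directly to `/etc/ssl/private` under a restrictive umask and failing fast addresses both; postfix/entrypoint.sh contains the same block and needs the same change. The subshell in the sketch below keeps the umask from leaking into the exec'd service.

```bash
set -euo pipefail

if [[ ! -f /etc/ssl/certs/dovecot.crt || ! -f /etc/ssl/private/dovecot.key ]]; then
  mkdir -p /etc/ssl/certs /etc/ssl/private
  (
    # Owner-only permissions from the moment the key file is created.
    umask 077
    openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 \
      -subj "${TLSINFO:?TLSINFO must be set to the certificate subject}" \
      -keyout /etc/ssl/private/dovecot.key \
      -out /etc/ssl/certs/dovecot.crt
  )
  chmod 400 /etc/ssl/certs/dovecot.crt /etc/ssl/private/dovecot.key
fi
# … unchanged: /var/mail ownership check and exec "$@" …
```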
diff --git a/cluster/prod/app/email/build/dovecot/legacy/all_before.sieve b/cluster/prod/app/email/build/dovecot/legacy/all_before.sieve
new file mode 100644
index 0000000..7d2e57e
--- /dev/null
+++ b/cluster/prod/app/email/build/dovecot/legacy/all_before.sieve
@@ -0,0 +1,5 @@
+require ["fileinto", "mailbox"];
+if header :contains "X-Spam-Flag" "YES" {
+ fileinto :create "Junk";
+}
+
diff --git a/cluster/prod/app/email/build/dovecot/legacy/dovecot-ldap.sample.conf b/cluster/prod/app/email/build/dovecot/legacy/dovecot-ldap.sample.conf
new file mode 100644
index 0000000..472d5e8
--- /dev/null
+++ b/cluster/prod/app/email/build/dovecot/legacy/dovecot-ldap.sample.conf
@@ -0,0 +1,8 @@
+hosts = ldap.example.com
+dn = cn=admin,dc=example,dc=com
+dnpass = s3cr3t
+base = dc=example,dc=com
+scope = subtree
+user_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=example,dc=com)))
+pass_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=example,dc=com)))
+user_attrs = mail=/var/mail/%{ldap:mail}
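Review bot: The sample binds as `cn=admin,dc=example,dc=com` and sets no transport security, so a real config copied from it would give dovecot directory-admin rights and send the bind password unencrypted. Dovecot only needs to search and bind here, so the sample should show a dedicated read-only account, e.g. `dn = cn=dovecot,ou=services,dc=example,dc=com` (constructed example), and add `tls = yes`. A leading comment such as `# sample only: use a read-only service DN and keep the real dovecot-ldap.conf out of git` would make the intent explicit.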
diff --git a/cluster/prod/app/email/build/dovecot/legacy/report-ham.sieve b/cluster/prod/app/email/build/dovecot/legacy/report-ham.sieve
new file mode 100644
index 0000000..c5a994a
--- /dev/null
+++ b/cluster/prod/app/email/build/dovecot/legacy/report-ham.sieve
@@ -0,0 +1,17 @@
+require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables", "vnd.dovecot.debug"];
+
+if environment :matches "imap.mailbox" "*" {
+ set "mailbox" "${1}";
+}
+
+if string "${mailbox}" "Trash" {
+ stop;
+}
+
+if environment :matches "imap.user" "*" {
+ set "username" "${1}";
+}
+
+pipe :copy "sa-learn" [ "--ham", "-u", "debian-spamd" ];
+debug_log "ham reported by ${username}";
+
diff --git a/cluster/prod/app/email/build/dovecot/legacy/report-spam.sieve b/cluster/prod/app/email/build/dovecot/legacy/report-spam.sieve
new file mode 100644
index 0000000..1be7389
--- /dev/null
+++ b/cluster/prod/app/email/build/dovecot/legacy/report-spam.sieve
@@ -0,0 +1,9 @@
+require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables", "vnd.dovecot.debug"];
+
+if environment :matches "imap.user" "*" {
+ set "username" "${1}";
+}
+
+pipe :copy "sa-learn" [ "--spam", "-u", "debian-spamd"];
+debug_log "spam reported by ${username}";
+
diff --git a/cluster/prod/app/email/build/opendkim/Dockerfile b/cluster/prod/app/email/build/opendkim/Dockerfile
new file mode 100644
index 0000000..452d6e8
--- /dev/null
+++ b/cluster/prod/app/email/build/opendkim/Dockerfile
@@ -0,0 +1,9 @@
+FROM amd64/debian:bullseye
+
+RUN apt-get update && \
+ apt-get dist-upgrade -y && \
+ apt-get install -y opendkim opendkim-tools
+
+COPY ./opendkim.conf /etc/opendkim.conf
+COPY ./entrypoint /entrypoint
+CMD ["/entrypoint"]
diff --git a/cluster/prod/app/email/build/opendkim/README.md b/cluster/prod/app/email/build/opendkim/README.md
new file mode 100644
index 0000000..e146125
--- /dev/null
+++ b/cluster/prod/app/email/build/opendkim/README.md
@@ -0,0 +1,12 @@
+```
+sudo docker build -t superboum/amd64_opendkim:v1 .
+```
+
+```
+sudo docker run -t -i \
+ -v `pwd`/conf:/etc/dkim \
+ -v /dev/log:/dev/log \
+ -p 8999:8999
+ superboum/amd64_opendkim:v1
+ opendkim -f -v -x /etc/opendkim.conf
+```
diff --git a/cluster/prod/app/email/build/opendkim/entrypoint b/cluster/prod/app/email/build/opendkim/entrypoint
new file mode 100755
index 0000000..7a1485c
--- /dev/null
+++ b/cluster/prod/app/email/build/opendkim/entrypoint
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+chown 0:0 /etc/dkim/*
+chown 0:0 /etc/dkim
+chmod 400 /etc/dkim/*
+chmod 700 /etc/dkim
+
+opendkim -f -v -x /etc/opendkim.conf
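Review bot: The last line starts `opendkim` as a child of bash instead of replacing it, so the shell stays PID 1 and a stop signal from the runtime is not delivered to the daemon; use `exec opendkim -f -v -x /etc/opendkim.conf`. The script also has no `set -e`, so a failed `chown` or `chmod` (for example on an empty or read-only `/etc/dkim` mount) is ignored and the daemon starts with whatever key permissions the host had. The README in this commit passes a command after the image name, which replaces the image's `CMD` and skips this permission fix entirely.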
diff --git a/cluster/prod/app/email/build/opendkim/opendkim.conf b/cluster/prod/app/email/build/opendkim/opendkim.conf
new file mode 100644
index 0000000..0d6465f
--- /dev/null
+++ b/cluster/prod/app/email/build/opendkim/opendkim.conf
@@ -0,0 +1,12 @@
+Syslog yes
+SyslogSuccess yes
+LogWhy yes
+UMask 007
+Mode sv
+OversignHeaders From
+TrustAnchorFile /usr/share/dns/root.key
+KeyTable refile:/etc/dkim/keytable
+SigningTable refile:/etc/dkim/signingtable
+ExternalIgnoreList refile:/etc/dkim/trusted
+InternalHosts refile:/etc/dkim/trusted
+Socket inet:8999
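Review bot: `Socket inet:8999` listens on every interface, and the milter protocol carries no authentication, so anything that can reach the port can talk to the signer; the README in this commit also publishes the port. Bind it to the address postfix uses, `Socket inet:8999@LISTEN_ADDRESS` (placeholder), or restrict it at the network layer. There is also no `UserID` line, so the daemon, which parses inbound mail in `Mode sv`, keeps the privileges it was started with; `UserID opendkim` would drop them, but the entrypoint's `chown 0:0` and `chmod 400` on the keys would have to change with it.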
diff --git a/cluster/prod/app/email/build/postfix/Dockerfile b/cluster/prod/app/email/build/postfix/Dockerfile
new file mode 100644
index 0000000..0c74fdc
--- /dev/null
+++ b/cluster/prod/app/email/build/postfix/Dockerfile
@@ -0,0 +1,13 @@
+FROM amd64/debian:buster
+
+ARG VERSION
+
+RUN apt-get update && \
+ apt-get install -y \
+ postfix=$VERSION \
+ postfix-ldap
+
+COPY entrypoint.sh /usr/local/bin/entrypoint
+
+ENTRYPOINT ["/usr/local/bin/entrypoint"]
+CMD ["postfix", "start-fg"]
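Review bot: Only `postfix=$VERSION` is pinned; `postfix-ldap` is left to the current candidate, so once the archive moves past VERSION the two can disagree and the install is likely to fail on the version dependency. Pin both with `postfix-ldap=$VERSION`. `ARG VERSION` has no default and its expected format is only visible in docker-compose.yml; a comment above it, `# Debian package version, e.g. 3.4.14-0+deb10u1`, would document that.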
diff --git a/cluster/prod/app/email/build/postfix/README.md b/cluster/prod/app/email/build/postfix/README.md
new file mode 100644
index 0000000..ac44fc0
--- /dev/null
+++ b/cluster/prod/app/email/build/postfix/README.md
@@ -0,0 +1,18 @@
+```
+sudo docker build -t superboum/amd64_postfix:v1 .
+```
+
+```
+sudo docker run -t -i \
+ -e TLSINFO="/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=smtp.deuxfleurs.fr" \
+ -e MAILNAME="smtp.deuxfleurs.fr" \
+ -p 25:25 \
+ -p 465:465 \
+ -p 587:587 \
+ -v `pwd`/../../ansible/roles/container_conf/files/email/postfix-conf:/etc/postfix-conf \
+ -v /mnt/glusterfs/email/postfix-ssl/private:/etc/ssl/private \
+ -v /mnt/glusterfs/email/postfix-ssl/certs:/etc/ssl/certs \
+ superboum/amd64_postfix:v1 \
+ bash
+```
+
diff --git a/cluster/prod/app/email/build/postfix/entrypoint.sh b/cluster/prod/app/email/build/postfix/entrypoint.sh
new file mode 100755
index 0000000..fcf1a66
--- /dev/null
+++ b/cluster/prod/app/email/build/postfix/entrypoint.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+if [[ ! -f /etc/ssl/certs/postfix.crt || ! -f /etc/ssl/private/postfix.key ]]; then
+ cd /root
+ openssl req \
+ -new \
+ -newkey rsa:4096 \
+ -days 3650 \
+ -nodes \
+ -x509 \
+ -subj ${TLSINFO} \
+ -keyout postfix.key \
+ -out postfix.crt
+
+ mkdir -p /etc/ssl/{certs,private}/
+
+ cp postfix.crt /etc/ssl/certs/postfix.crt
+ cp postfix.key /etc/ssl/private/postfix.key
+ chmod 400 /etc/ssl/certs/postfix.crt
+ chmod 400 /etc/ssl/private/postfix.key
+fi
+
+# A way to map files inside the postfix folder :s
+for file in $(ls /etc/postfix-conf); do
+ cp /etc/postfix-conf/${file} /etc/postfix/${file}
+done
+
+echo ${MAILNAME} > /etc/mailname
+postmap /etc/postfix/transport
+
+exec "$@"
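Review bot: `for file in $(ls /etc/postfix-conf)` splits file names on whitespace and expands globs in them, and the unquoted `${file}` and `${MAILNAME}` do the same. Iterate the glob and quote instead: `for file in /etc/postfix-conf/*; do cp -- "$file" /etc/postfix/; done` and `echo "${MAILNAME}" > /etc/mailname`. Without `set -e` after the shebang, a failed copy or `postmap` still reaches `exec "$@"`, so postfix can start with a partial configuration.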
diff --git a/cluster/prod/app/email/build/sogo/Dockerfile b/cluster/prod/app/email/build/sogo/Dockerfile
new file mode 100644
index 0000000..46880dd
--- /dev/null
+++ b/cluster/prod/app/email/build/sogo/Dockerfile
@@ -0,0 +1,17 @@
+#FROM amd64/debian:stretch as builder
+
+FROM amd64/debian:buster
+
+RUN mkdir ~/.gnupg && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf
+
+RUN apt-get update && \
+ apt-get install -y apt-transport-https gnupg2 sudo nginx && \
+ rm -rf /etc/nginx/sites-enabled/* && \
+ apt-key adv --keyserver keys.gnupg.net --recv-key 0x810273C4 && \
+ echo "deb http://packages.inverse.ca/SOGo/nightly/5/debian/ buster buster" > /etc/apt/sources.list.d/sogo.list && \
+ apt-get update && \
+ apt-get install -y sogo sogo-activesync sope4.9-gdl1-postgresql postgresql-client
+
+COPY sogo.nginx.conf /etc/nginx/sites-enabled/sogo.conf
+COPY entrypoint /usr/sbin/entrypoint
+ENTRYPOINT ["/usr/sbin/entrypoint"]
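Review bot: `apt-key adv --keyserver keys.gnupg.net --recv-key 0x810273C4` trusts whatever key the keyserver returns for an 8-hex-digit id, and short ids are not unique; the repository is then added over plain `http://` from a `nightly` path. Import by full fingerprint, `--recv-keys FULL_40_HEX_FINGERPRINT` (placeholder; the fingerprint is not on this page), or better copy a reviewed key file into the build context and reference it with `[signed-by=/usr/share/keyrings/sogo.gpg]` in the `deb` line, since `apt-key` adds the key to the global trust store, where it can vouch for any package. `apt-transport-https` is installed but unused; if the mirror serves HTTPS, switch the URL.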
diff --git a/cluster/prod/app/email/build/sogo/README.md b/cluster/prod/app/email/build/sogo/README.md
new file mode 100644
index 0000000..ea12245
--- /dev/null
+++ b/cluster/prod/app/email/build/sogo/README.md
@@ -0,0 +1,20 @@
+```
+docker build -t superboum/amd64_sogo:v6 .
+
+# privileged is only for debug
+docker run --rm -ti \
+ --privileged \
+ -p 8080:8080 \
+ -v /tmp/sogo/log:/var/log/sogo \
+ -v /tmp/sogo/run:/var/run/sogo \
+ -v /tmp/sogo/spool:/var/spool/sogo \
+ -v /tmp/sogo/tmp:/tmp \
+ -v `pwd`/sogo:/etc/sogo:ro \
+ superboum/amd64_sogo:v1
+```
+
+Password must be url encoded in sogo.conf for postgres
+Will need a nginx instance: http://wiki.sogo.nu/nginxSettings
+
+Might (or might not) be needed:
+traefik.frontend.headers.customRequestHeaders=x-webobjects-server-port:443||x-webobjects-server-name=sogo.deuxfleurs.fr||x-webobjects-server-url:https://sogo.deuxfleurs.fr
diff --git a/cluster/prod/app/email/build/sogo/entrypoint b/cluster/prod/app/email/build/sogo/entrypoint
new file mode 100755
index 0000000..8b39def
--- /dev/null
+++ b/cluster/prod/app/email/build/sogo/entrypoint
@@ -0,0 +1,13 @@
+#!/bin/bash
+mkdir -p /var/log/sogo
+mkdir -p /var/run/sogo
+mkdir -p /var/spool/sogo
+chown sogo /var/log/sogo
+chown sogo /var/run/sogo
+chown sogo /var/spool/sogo
+
+nginx -g 'daemon on; master_process on;'
+sudo -u sogo memcached -d
+sudo -u sogo sogod
+sleep 10
+tail -n200 -f /var/log/sogo/sogo.log
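Review bot: The container's foreground process is `tail`, so if nginx, memcached or sogod exits the container still looks healthy to the orchestrator, and a stop signal reaches only bash. The fixed `sleep 10` is also a guess at when `/var/log/sogo/sogo.log` exists. Consider running sogod in the foreground as the final `exec`, or putting the three daemons under an init or supervisor, and add `set -e` after the shebang so a failed `chown` or nginx start aborts startup.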
diff --git a/cluster/prod/app/email/build/sogo/sogo.nginx.conf b/cluster/prod/app/email/build/sogo/sogo.nginx.conf
new file mode 100644
index 0000000..ad920a5
--- /dev/null
+++ b/cluster/prod/app/email/build/sogo/sogo.nginx.conf
@@ -0,0 +1,83 @@
+server {
+ listen 8080;
+ server_name default_server;
+ root /usr/lib/GNUstep/SOGo/WebServerResources/;
+
+ ## requirement to create new calendars in Thunderbird ##
+ proxy_http_version 1.1;
+
+ # Message size limit
+ client_max_body_size 50m;
+ client_body_buffer_size 128k;
+
+ location = / {
+ rewrite ^ '/SOGo';
+ allow all;
+ }
+
+ location = /principals/ {
+ rewrite ^ '/SOGo/dav';
+ allow all;
+ }
+
+ location ^~/SOGo {
+ proxy_pass 'http://127.0.0.1:20000';
+ proxy_redirect 'http://127.0.0.1:20000' default;
+ # forward user's IP address
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ proxy_set_header x-webobjects-server-protocol HTTP/1.0;
+ proxy_set_header x-webobjects-remote-host 127.0.0.1;
+ proxy_set_header x-webobjects-server-name $server_name;
+ proxy_set_header x-webobjects-server-url $scheme://$host;
+ proxy_set_header x-webobjects-server-port $server_port;
+ proxy_connect_timeout 90;
+ proxy_send_timeout 90;
+ proxy_read_timeout 90;
+ proxy_buffer_size 4k;
+ proxy_buffers 4 32k;
+ proxy_busy_buffers_size 64k;
+ proxy_temp_file_write_size 64k;
+ break;
+ }
+
+ location /SOGo.woa/WebServerResources/ {
+ alias /usr/lib/GNUstep/SOGo/WebServerResources/;
+ allow all;
+ expires max;
+ }
+
+ location /SOGo/WebServerResources/ {
+ alias /usr/lib/GNUstep/SOGo/WebServerResources/;
+ allow all;
+ expires max;
+ }
+
+ location (^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$) {
+ alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
+ expires max;
+ }
+
+ location (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$) {
+ alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
+ expires max;
+ }
+
+ location ^~ /Microsoft-Server-ActiveSync {
+ access_log /var/log/nginx/activesync.log;
+ error_log /var/log/nginx/activesync-error.log;
+
+ proxy_connect_timeout 75;
+ proxy_send_timeout 3600;
+ proxy_read_timeout 3600;
+ proxy_buffers 64 256k;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync;
+ proxy_redirect http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync /;
+ }
+}
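Review bot: The two `location (^/SOGo/so/ControlPanel/…)` blocks have no `~` modifier, so nginx treats the parenthesised text as a literal prefix; they never match a real request and the `$1`/`$2` in their `alias` lines are never populated. Write them as regex locations without the outer group, e.g. `location ~ ^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$ {`; the second pattern has only one inner capture group, so its alias needs its groups reworked as well. Separately, `x-webobjects-server-url $scheme://$host` and `Host $host` forward the client-supplied host name to SOGo; if SOGo builds links from it, pinning it to the public name, as the README's traefik line does, is safer.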