wamo/gnu-social
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[DOCKER][MAIL] Update config and change the way mail docker handles it, so the edits aren't visible from the outside, polluting the git staging area

Browse Source
This commit is contained in:
Hugo Sales 2021-03-24 22:31:43 +00:00
parent b3623329e3
commit 1773ab7af2
No known key found for this signature in database
GPG Key ID: 7D0C7EAFC9D835A0
17 changed files with 149 additions and 201 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
bin/configure vendored
View File

@ -96,14 +96,15 @@ while true; do
done done
if [ "${DBMS}" = 'postgres' ]; then DB_USER="postgres"; else DB_USER="social"; fi if [ "${DBMS}" = 'postgres' ]; then DB_USER="postgres"; else DB_USER="social"; fi
while true; do if echo "${DOCKER}" | grep -Fvq '"db"'; then
DB_USER=$(${WHIPTAIL} --title 'GNU social DB user' --clear --backtitle 'GNU social' \ while true; do
--inputbox "\nEnter a user name for social to connect to the database under" 0 0 "${DB_USER}" \ DB_USER=$(${WHIPTAIL} --title 'GNU social DB user' --clear --backtitle 'GNU social' \
3>&1 1>&2 2>&3) --inputbox "\nEnter a user name for social to connect to the database under" 0 0 "${DB_USER}" \
validate_exit $? 3>&1 1>&2 2>&3)
if [ -n "${DB_USER}" ]; then break; fi validate_exit $?
done if [ -n "${DB_USER}" ]; then break; fi
done
fi
while true; do while true; do
DB_PASSWORD=$(${WHIPTAIL} --title 'GNU social DB password' --clear --backtitle 'GNU social' \ DB_PASSWORD=$(${WHIPTAIL} --title 'GNU social DB password' --clear --backtitle 'GNU social' \
--passwordbox "\nEnter a password for social to connect to the database with" 0 0 \ --passwordbox "\nEnter a password for social to connect to the database with" 0 0 \
@ -224,17 +225,25 @@ validate_exit $?
# ------------ Mail server -------------- # ------------ Mail server --------------
if echo "${DOCKER}" | grep -Fq '"mail"'; then MAILER_DSN='sendmail://localhost'
if echo "${DOCKER}" | grep -Fvq '"mail"'; then
while true; do while true; do
MAILER_DSN=$(${WHIPTAIL} --title 'GNU social mail server DSN' --clear --backtitle 'GNU social' \ MAILER_DSN=$(${WHIPTAIL} --title 'GNU social mail server DSN' --clear --backtitle 'GNU social' \
--inputbox "\nEnter a DSN/URL social will use to connect to the mail server" 0 0 'sendmail://localhost' \ --inputbox "\nEnter a DSN/URL social will use to connect to the mail server" 0 0 "${MAILER_DSN}" \
3>&1 1>&2 2>&3) 3>&1 1>&2 2>&3)
validate_exit $? validate_exit $?
if [ -n "${MAILER_DSN}" ]; then break; fi if [ -n "${MAILER_DSN}" ]; then break; fi
done done
while true; do
MAIL_DOMAIN=$(${WHIPTAIL} --title 'GNU social mail server domain' --clear --backtitle 'GNU social' \
--inputbox "\nEnter the domain social will use to serve mail" 0 0 "${DOMAIN_ROOT}" \
3>&1 1>&2 2>&3)
validate_exit $?
if [ -n "${MAIL_DOMAIN}" ]; then break; fi
done
fi fi
if echo "${DOCKER}" | grep -Fvq '"mail"'; then if echo "${DOCKER}" | grep -Fq '"mail"'; then
while true; do while true; do
MAIL_DOMAIN_ROOT=$(${WHIPTAIL} --title 'GNU social mail server domain' --clear --backtitle 'GNU social' \ MAIL_DOMAIN_ROOT=$(${WHIPTAIL} --title 'GNU social mail server domain' --clear --backtitle 'GNU social' \
--inputbox "\nEnter the root domain social will use to serve mail" 0 0 "${DOMAIN_ROOT}" \ --inputbox "\nEnter the root domain social will use to serve mail" 0 0 "${DOMAIN_ROOT}" \
@ -256,7 +265,7 @@ if echo "${DOCKER}" | grep -Fvq '"mail"'; then
while true; do while true; do
MAIL_SENDER_USER=$(${WHIPTAIL} --title 'GNU social mail sender user' --clear --backtitle 'GNU social' \ MAIL_SENDER_USER=$(${WHIPTAIL} --title 'GNU social mail sender user' --clear --backtitle 'GNU social' \
--inputbox "\nEnter the user emails should be sent from" 0 0 \ --inputbox "\nEnter the user emails should be sent from (email without @domain)" 0 0 \
3>&1 1>&2 2>&3) 3>&1 1>&2 2>&3)
validate_exit $? validate_exit $?
if [ -n "${MAIL_SENDER_USER}" ]; then break; fi if [ -n "${MAIL_SENDER_USER}" ]; then break; fi
@ -264,7 +273,7 @@ if echo "${DOCKER}" | grep -Fvq '"mail"'; then
while true; do while true; do
MAIL_SENDER_NAME=$(${WHIPTAIL} --title 'GNU social mail sender name' --clear --backtitle 'GNU social' \ MAIL_SENDER_NAME=$(${WHIPTAIL} --title 'GNU social mail sender name' --clear --backtitle 'GNU social' \
--inputbox "\nEnter the name emails should be sent from (name without @domain)" 0 0 \ --inputbox "\nEnter the name emails should be sent from" 0 0 "${NODE_NAME}" \
3>&1 1>&2 2>&3) 3>&1 1>&2 2>&3)
validate_exit $? validate_exit $?
if [ -n "${MAIL_SENDER_NAME}" ]; then break; fi if [ -n "${MAIL_SENDER_NAME}" ]; then break; fi
@ -331,7 +340,7 @@ SOCIAL_DB=${DB_NAME}
SOCIAL_USER=${DB_USER} SOCIAL_USER=${DB_USER}
SOCIAL_PASSWORD=${DB_PASSWORD} SOCIAL_PASSWORD=${DB_PASSWORD}
SOCIAL_DOMAIN=${DOMAIN} SOCIAL_DOMAIN=${DOMAIN}
SOCIAL_SITENAME=${SITENAME} SOCIAL_NODE_NAME=${NODE_NAME}
SOCIAL_ADMIN_EMAIL=${EMAIL} SOCIAL_ADMIN_EMAIL=${EMAIL}
SOCIAL_SITE_PROFILE=${PROFILE} SOCIAL_SITE_PROFILE=${PROFILE}
MAILER_DSN=${MAILER_DSN} MAILER_DSN=${MAILER_DSN}
@ -347,40 +356,18 @@ EOF
# --------------- Write mail configuration, and setup ---------------------- # --------------- Write mail configuration, and setup ----------------------
mkdir -p "${INSTALL_DIR}/docker/mail" mkdir -p "${INSTALL_DIR}/docker/mail"
cat > "${INSTALL_DIR}/docker/mail/mail.env" <<EOF
MAIL_DOMAIN=${MAIL_DOMAIN}
MAIL_USER=${MAIL_SENDER_USER}
MAIL_NAME=${MAIL_SENDER_NAME}
MAIL=${MAIL_SENDER_USER}@${MAIL_DOMAIN}
SSL_CERT=/etc/letsencrypt/live/${MAIL_DOMAIN}/fullchain.pem
SSL_KEY=/etc/letsencrypt/live/${MAIL_DOMAIN}/privkey.pem
EOF
HASHED_PASSWORD="{SHA512-CRYPT}"$(echo "${MAIL_PASSWORD}" | openssl passwd -6 -in -) HASHED_PASSWORD="{SHA512-CRYPT}"$(echo "${MAIL_PASSWORD}" | openssl passwd -6 -in -)
# Config postfix cat > "${INSTALL_DIR}/docker/mail/mail.env" <<EOF
sed -ri \ MAIL_DOMAIN=${MAIL_DOMAIN}
-e "s/^\s*myhostname\s*=.*/myhostname = ${MAILNAME}/" \ MAIL_DOMAIN_ROOT=${MAIL_DOMAIN_ROOT}
-e "s/^\s*mydomain\s*=.*/mydomain = ${DOMAINNAME}/" \ MAIL_USER=${MAIL_SENDER_USER}
-e "s/^\s*smtpd_tls_cert_file\s*=.*/smtpd_tls_cert_file = ${SSL_CERT}/" \ MAIL_NAME=${MAIL_SENDER_NAME}
-e "s/^\s*smtpd_tls_key_file\s*=.*/smtpd_tls_key_file = ${SSL_KEY}/" \ MAIL_ADDRESS=${MAIL_SENDER_USER}@${MAIL_DOMAIN}
"${INSTALL_DIR}/docker/mail/config/postfix/main.cf" SSL_CERT=/etc/letsencrypt/live/${MAIL_DOMAIN}/fullchain.pem
SSL_KEY=/etc/letsencrypt/live/${MAIL_DOMAIN}/privkey.pem
# Config dovecot HASHED_PASSWORD=${HASHED_PASSWORD}
sed -ri \ EOF
-e "s/^\s*ssl_cert\s*=.*/ssl_cert = <${SSL_CERT}/" \
-e "s/^\s*ssl_key\s*=.*/ssl_key = <${SSL_KEY}/" \
-e "s/^\s*postmaster_address\s*=.*/postmaster_address = postmaster@${DOMAINNAME}/" \
"${INSTALL_DIR}/docker/mail/config/dovecot/dovecot.conf"
# Config dkim
sed -i -e "s/^.*#HOSTNAME/${MAILNAME}#HOSTNAME/" "${INSTALL_DIR}/docker/mail/config/opendkim/TrustedHosts"
# Prepare mail user
echo "${MAIL_DOMAIN_ROOT} #OK" > "${INSTALL_DIR}/docker/mail/config/domains"
echo "${MAIL_USER} ${MAIL_USER}" > "${INSTALL_DIR}/docker/mail/config/aliases"
echo "${MAIL_USER} ${MAIL_DOMAIN}/${MAIL_USER}/" > "${INSTALL_DIR}/docker/mail/config/mailboxes"
echo "${MAIL_USER}:${HASHED_PASSWORD}" > "${INSTALL_DIR}/docker/mail/config/passwd"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------

2
docker/bootstrap/bootstrap.sh
View File

@ -5,7 +5,7 @@
. bootstrap.env . bootstrap.env
sed -ri "s/%hostname%/${DOMAIN}/" /etc/nginx/conf.d/challenge.conf sed -ri "s/%hostname%/${MAIL_DOMAIN}/" /etc/nginx/conf.d/challenge.conf
nginx nginx

54
docker/mail/Dockerfile
View File

@ -1,54 +1,12 @@
FROM debian:buster-slim FROM alpine
ENV DEBIAN_FRONTEND=noninteractive RUN apk update && apk add postfix dovecot dovecot-pop3d opendkim s6
# Install packages
RUN apt-get update \
&& apt-get upgrade -y \
&& apt-get install -y --no-install-recommends \
dovecot-core \
dovecot-imapd \
dovecot-lmtpd \
dovecot-pop3d \
opendkim \
opendkim-tools \
openssl \
postfix \
procps \
rsyslog \
s6 \
&& apt-get autoclean \
&& apt-get autoremove
# Setup folders and users
RUN groupadd -g 2222 vmail \
&& mkdir -p -m 751 "/var/mail/" \
&& mkdir -p -m 755 "/etc/mail/" \
&& mkdir -p "/var/opendkim/keys/" \
&& useradd -d "/var/mail" -M -s "/usr/sbin/nologin" -u 2222 -g 2222 vmail \
&& usermod -aG vmail postfix \
&& usermod -aG vmail dovecot \
&& usermod -aG vmail opendkim \
&& chown vmail:vmail "/var/mail" \
&& chown opendkim:opendkim "/var/opendkim/keys/"
# Copy config files
COPY rootfs/ /
RUN chmod +x "/etc/service/postfix/run" \
&& chmod +x "/etc/service/dovecot/run" \
&& chmod +x "/etc/service/opendkim/run" \
&& chmod +x "/etc/service/rsyslog/run" \
&& chmod +x "/usr/bin/start.sh"
# Prepare user
RUN mkdir -p "/var/mail/${MAIL_DOMAIN}" \
&& mkdir -p "/var/mail/${DOMAINPART}/${USER%@*}" \
&& chown vmail:vmail "/var/mail/${MAIL_DOMAIN}" \
&& chown vmail:vmail "/var/mail/${MAIL_DOMAIN_ROOT}/${MAIL_USER%@*}"
# Expose ports # Expose ports
EXPOSE 25 110 143 587 993 995 EXPOSE 25 110 143 587 993 995
# Fixes problem with s6 (s6 claims it's a docker bug)
VOLUME ["/run"]
# Run start script # Run start script
ENTRYPOINT /usr/bin/start.sh ENTRYPOINT /usr/bin/entrypoint.sh

15
docker/mail/config/dovecot/dovecot.conf
View File

@ -1,9 +1,10 @@
protocols = imap pop3 lmtp protocols = imap pop3 lmtp
ssl = yes ssl = yes
ssl_cert = # `<` means read from file
ssl_key = ssl_cert = <%cert_file%
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL ssl_key = <%key_file%
ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL
listen = *, :: listen = *, ::
dict { dict {
@ -33,7 +34,7 @@ userdb {
} }
service auth { service auth {
unix_listener auth-client { unix_listener /var/spool/postfix/private/auth {
user = postfix user = postfix
group = postfix group = postfix
mode = 0660 mode = 0660
@ -47,7 +48,7 @@ service imap-login {
} }
protocol lmtp { protocol lmtp {
postmaster_address = postmaster_address = %postmaster_address%
} }
protocol imap { protocol imap {
@ -68,5 +69,5 @@ service stats {
} }
} }
!include_try conf.d/*.conf # !include_try conf.d/*.conf
!include_try local.conf # !include_try local.conf

2
docker/mail/config/opendkim/TrustedHosts
View File

@ -7,5 +7,5 @@
::1 ::1
172.17.0.0/16 172.17.0.0/16
fe80::/64 fe80::/64
#HOSTNAME %hostname%

41
docker/mail/config/postfix/main.cf
View File

@ -1,19 +1,39 @@
## STANDARD POSTFIX CONFIG PARAMS ### ## STANDARD POSTFIX CONFIG PARAMS ###
myhostname = %hostname%
mydomain = %domain_root%
myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain, localhost
# Intentianally blank
relayhost =
alias_maps = hash:/etc/mail/postfix/aliases
alias_database = hash:/etc/mail/postfix/aliases
smtpd_tls_cert_file = %cert_file%
smtpd_tls_key_file = %key_file%
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_security_level=may
#SSLv2 and SSLv3 are obsolete
smtpd_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = may
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_exclude_ciphers = EXPORT, LOW
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
queue_directory = /var/spool/postfix queue_directory = /var/spool/postfix
command_directory = /usr/sbin command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix/sbin daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix data_directory = /var/lib/postfix
mail_owner = postfix mail_owner = postfix
myhostname =
mydomain =
myorigin = $myhostname
inet_interfaces = all inet_interfaces = all
inet_protocols = all inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550 unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8, [::1]/128 mynetworks = 127.0.0.0/8, [::1]/128
alias_maps = hash:/etc/mail/postfix/aliases
mailbox_command = /usr/lib/dovecot/deliver mailbox_command = /usr/lib/dovecot/deliver
@ -30,10 +50,6 @@ manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_protocols = !SSLv2
smtp_tls_exclude_ciphers = EXPORT, LOW
### VIRTUAL MAIL CONFIG PARAMS ### ### VIRTUAL MAIL CONFIG PARAMS ###
relay_domains = * relay_domains = *
@ -63,12 +79,7 @@ smtpd_sasl_local_domain = $mydomain
broken_sasl_auth_clients = yes broken_sasl_auth_clients = yes
smtpd_tls_security_level = may smtpd_tls_security_level = may
smtpd_tls_key_file =
smtpd_tls_cert_file =
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache
smtpd_tls_protocols = $smtp_tls_protocols
tls_random_source = dev:/dev/urandom tls_random_source = dev:/dev/urandom
tls_random_exchange_name = /var/lib/postfix/prng_exch tls_random_exchange_name = /var/lib/postfix/prng_exch
smtpd_tls_auth_only = yes smtpd_tls_auth_only = yes

21
docker/mail/config/postfix/master.cf
View File

@ -8,21 +8,16 @@
# service type private unpriv chroot wakeup maxproc command + args # service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100) # (yes) (yes) (yes) (never) (100)
# ========================================================================== # ==========================================================================
smtp inet n - n - - smtpd smtp inet n - n - - smtpd
#smtp inet n - n - 1 postscreen #smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd #smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog #dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy #tlsproxy unix - - n - 0 tlsproxy
submission inet n - n - - smtpd submission inet n - n - - smtpd
# -o syslog_name=postfix/submission -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps -o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes -o smtpd_tls_wrappermode=yes
@ -30,7 +25,7 @@ smtps inet n - n - - smtpd
-o smtpd_reject_unlisted_recipient=no -o smtpd_reject_unlisted_recipient=no
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd #628 inet n - n - - qmqpd
pickup unix n - n 60 1 pickup pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr qmgr unix n - n 300 1 qmgr
@ -122,5 +117,5 @@ scache unix - - n - 1 scache
#mailman unix - n n - - pipe #mailman unix - n n - - pipe
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user} # ${nexthop} ${user}
dovecot unix - n n - - pipe dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient} flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}

4
docker/mail/docker-compose.fragment.sh
View File

@ -12,8 +12,12 @@ cat <<EOF
- 587:587 - 587:587
- 993:993 - 993:993
volumes: volumes:
- ./docker/mail/etc:/etc
- ./docker/mail/entrypoint.sh:/usr/bin/entrypoint.sh
- ./docker/mail/mail:/var/mail - ./docker/mail/mail:/var/mail
- ./docker/mail/config:/etc/mail - ./docker/mail/config:/etc/mail
- ./docker/mail/config/postfix:/etc/postfix
- ./docker/mail/config/dovecot:/etc/dovecot
# Certbot # Certbot
- ./docker/certbot/www:/var/www/certbot - ./docker/certbot/www:/var/www/certbot
- ./docker/certbot/.files:/etc/letsencrypt - ./docker/certbot/.files:/etc/letsencrypt

51
docker/mail/entrypoint.sh Executable file
View File

@ -0,0 +1,51 @@
#!/bin/sh
set -x
touch /etc/passwd
adduser nobody
adduser postfix
adduser dovecot
adduser opendkim
addgroup dovecot postfix
addgroup opendkim postfix
chown postfix:postfix "/var/mail/${MAIL_DOMAIN}"
mkdir -p "/var/opendkim/keys/"
chown opendkim:opendkim "/var/opendkim/keys/"
chmod +x "/etc/service/postfix/run"
chmod +x "/etc/service/dovecot/run"
chmod +x "/etc/service/opendkim/run"
chmod +x "/etc/service/rsyslog/run"
chmod +x "/usr/bin/entrypoint.sh"
mkdir -p "/var/mail/${MAIL_DOMAIN}/${MAIL_USER}"
# Config postfix
sed -ri \
-e "s,%hostname%,${MAIL_DOMAIN}," \
-e "s,%domain_root%,${MAIL_DOMAIN_ROOT}," \
-e "s,%cert_file%,${SSL_CERT}," \
-e "s,%key_file%,${SSL_KEY}," \
-e "s,%postmaster_address%,${MAIL_ADDRESS}," \
/etc/postfix/main.cf /etc/dovecot/dovecot.conf /etc/mail/opendkim/TrustedHosts
# Prepare mail user
touch /etc/mail/aliases /etc/mail/domains /etc/mail/mailboxes /etc/mail/passwd
echo "${MAIL_DOMAIN} #OK" > /etc/mail/domains
if ! grep -Fq 'root:' /etc/mail/aliases; then echo "root: ${MAIL_USER}" >> /etc/mail/aliases; fi
echo "${MAIL_USER} ${MAIL_DOMAIN}/${MAIL_USER}/" > /etc/mail/mailboxes
echo "${MAIL_USER}:${HASHED_PASSWORD}" > /etc/mail/passwd
# Run opendkim
if [ ! -e "/var/opendkim/keys/default.private" ]
then
opendkim-genkey -d "${MAIL_DOMAIN}" -D "/var/opendkim/keys/"
fi
newaliases
postmap /etc/mail/aliases /etc/mail/domains /etc/mail/mailboxes /etc/mail/passwd
postfix reload
dovecot
# # Run services
# s6-svscan /etc/service

10
docker/mail/etc/mail/postfix/aliases Normal file
View File

@ -0,0 +1,10 @@
mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
usenet: root
news: root
webmaster: root
www: root
ftp: root
abuse: root

0
docker/mail/rootfs/etc/service/dovecot/run → docker/mail/etc/service/dovecot/run
View File

0
docker/mail/rootfs/etc/service/opendkim/run → docker/mail/etc/service/opendkim/run
View File

0
docker/mail/rootfs/etc/service/postfix/run → docker/mail/etc/service/postfix/run
View File

0
docker/mail/rootfs/etc/service/rsyslog/run → docker/mail/etc/service/rsyslog/run
View File

21
docker/mail/rootfs/usr/bin/start.sh
View File

@ -1,21 +0,0 @@
#!/bin/sh
# Run openssl
if [ ! -e "${SSL_CERT}" ]
then
mkdir -p "$(dirname ${SSL_CERT})" "$(dirname $SSL_KEY)"
openssl req -x509 -nodes -newkey rsa:2018 -days 365 -keyout "${SSL_CERT}" -out "${SSL_KEY}"
fi
# Run opendkim
if [ ! -e "/var/opendkim/keys/default.private" ]
then
opendkim-genkey -d "${DOMAINNAME}" -D "/var/opendkim/keys/"
fi
postmap /etc/mail/aliases /etc/mail/domains /etc/mail/mailboxes /etc/mail/passwd
postfix reload
dovecot reload
# Run services
s6-svscan /etc/service

48
docker/mail/setup.sh
View File

@ -1,48 +0,0 @@
#!/bin/sh
ROOT="$(git rev-parse --show-toplevel)"
. $ROOT/docker/mail/mail.env
cd "${0%/*}"
if [ -z "${MAIL_SUBDOMAIN}" ]
then
domain="${MAIL_DOMAIN_ROOT}"
else
domain="${MAIL_SUBDOMAIN}.${MAIL_DOMAIN_ROOT}"
fi
PASSHASH="{SHA512-CRYPT}$(mkpasswd -m sha-512 -R 5000 ${MAIL_PASSWORD})"
cat > mail.env <<EOF
#!/bin/sh
DOMAINNAME=${MAIL_DOMAIN_ROOT}
MAILNAME=${domain}
SSL_CERT=/etc/letsencrypt/live/${MAIL_DOMAIN_ROOT}/fullchain.pem
SSL_KEY=/etc/letsencrypt/live/${MAIL_DOMAIN_ROOT}/privkey.pem
MAIL_USER="${MAIL_USER}"
USER="${MAIL_USER}@${MAIL_DOMAIN_ROOT}"
EOF
. $ROOT/docker/mail/mail.env
# Config postfix
sed -i -e "s#^\s*myhostname\s*=.*#myhostname = ${MAILNAME}#" config/postfix/main.cf
sed -i -e "s#^\s*mydomain\s*=.*#mydomain = ${DOMAINNAME}#" config/postfix/main.cf
sed -i -e "s#^\s*smtpd_tls_cert_file\s*=.*#smtpd_tls_cert_file = ${SSL_CERT}#" config/postfix/main.cf
sed -i -e "s#^\s*smtpd_tls_key_file\s*=.*#smtpd_tls_key_file = ${SSL_KEY}#" config/postfix/main.cf
# Config dovecot
sed -i -e "s#^\s*ssl_cert\s*=.*#ssl_cert = <${SSL_CERT}#" config/dovecot/dovecot.conf
sed -i -e "s#^\s*ssl_key\s*=.*#ssl_key = <${SSL_KEY}#" config/dovecot/dovecot.conf
sed -i -e "s#^\s*postmaster_address\s*=.*#postmaster_address = postmaster@${DOMAINNAME}#" config/dovecot/dovecot.conf
# Config dkim
sed -i -e "s/^.*#HOSTNAME/${MAILNAME}#HOSTNAME/" config/opendkim/TrustedHosts
# Prepare mail user
touch config/aliases config/domains config/mailboxes config/passwd
echo "${DOMAINNAME} #OK" > config/domains
echo "${USER} ${USER}" > config/aliases
echo "${USER} ${DOMAINNAME}/${MAIL_USER}/" > config/mailboxes
echo "${USER}:${PASSHASH}" > config/passwd

2
docker/nginx/domain.sh
View File

@ -2,5 +2,5 @@
# Can't do sed inplace, because the file would be busy # Can't do sed inplace, because the file would be busy
cat /var/nginx/social.conf | \ cat /var/nginx/social.conf | \
sed -r "s/%hostname%/${DOMAIN}/g;" > \ sed -r "s/%hostname%/${WEB_DOMAIN}/g;" > \
/etc/nginx/conf.d/social.conf /etc/nginx/conf.d/social.conf