author | Jesse Luehrs <doy@tozt.net> | 2019-02-19 00:39:14 -0500 |
---|---|---|
committer | Jesse Luehrs <doy@tozt.net> | 2019-02-19 00:39:14 -0500 |
commit | 2f46554d12ec7ac24b2bef053b90186834baabff (patch) | |
tree | 54532eb7ae2ccdc47b11c1c268d83995702ce15f | |
parent | 318445114d9126ef0290e5ffea2777687a3ee316 (diff) | |
start over a bit with mailu
-rwxr-xr-x | modules/mail/facts.d/bind_address | 5 | ||||
-rw-r--r-- | modules/mail/files/dhparam.pem | 13 | ||||
-rw-r--r-- | modules/mail/files/dkim_signing.conf | 1 | ||||
-rw-r--r-- | modules/mail/files/docker-compose.yml | 97 | ||||
-rw-r--r-- | modules/mail/files/env | 26 | ||||
-rw-r--r-- | modules/mail/files/mailu.env | 159 | ||||
-rw-r--r-- | modules/mail/files/mailu.service (renamed from modules/mail/files/service) | 0 | ||||
-rw-r--r-- | modules/mail/manifests/mailu.pp | 62 | ||||
-rw-r--r-- | modules/mail/templates/docker-compose.yml.erb | 118 |
9 files changed, 288 insertions, 193 deletions
diff --git a/modules/mail/facts.d/bind_address b/modules/mail/facts.d/bind_address
new file mode 100755
index 0000000..2ba364f
--- /dev/null
+++ b/modules/mail/facts.d/bind_address
@@ -0,0 +1,5 @@
+#!/bin/sh
+set -eu
+set -o pipefail
+
+curl -s http://169.254.169.254/metadata/v1/interfaces/public/0/ipv4/address
diff --git a/modules/mail/files/dhparam.pem b/modules/mail/files/dhparam.pem
deleted file mode 100644
index bb54913..0000000
--- a/modules/mail/files/dhparam.pem
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIICCAKCAgEA7AdtK45QmalmavuKKleQB98HE03rd9I0RarkQLnVyQ9CKTQY6sqr
-1TmWf6nzEU6ALnToanaTX30R30p28mz9pNbSK942wR8Gkiz22BTRNl3sykbAwvHA
-e5ZM51w7OY3LOPTa1YT2P2grnu4H39oujN4SrzdQxzKGgOQVacYAsavRwh4v7VgI
-grqbe1IjNHdsNhM7h+5DlXGMhNtMdH9dGkW/LiQvHGencbfK+2VmoJHoa2J3UgVE
-bizm9UHFXcWd2duVAFVQZx9PgOL6xIPtBTN6If45B+4nsrYFr/GsXk/DCtSTI9rP
-VEYEpGFgOz5gLFQJO+QySpRgkeQlge+WiC7XbRd1owrY7GuM3jSSVKFTGrhKa1wG
-DbGSD97OeI1aCgOKWFk3CBe5ezq0JvkeRbrE3Y4Y3/y4pY+mKf0Xd65acRf7E0th
-OiI9gNOBdQQ5FlZSHvxxJg5gpNLmytjMEHMLRbSLON6nxNyRF/m0rIKrdSnmhYiI
-nBQbq4u2wKtN4I4yvuSUD9NqQVZXYk9RH2agW7SovGWHlteYVmKdBWq7iZjcuWT2
-15S5kdv3rnUs3F955PTbDfDkf2nlNcghEqYvLXggzptH27HcO/RWFuDd1lxkeKv1
-H+b4OBHlywZEon13wf0ktj7Xg4GqN0tfbr3koIHaTvYC9CGmFaAhEAsCAQI=
------END DH PARAMETERS-----
diff --git a/modules/mail/files/dkim_signing.conf b/modules/mail/files/dkim_signing.conf
deleted file mode 100644
index b1ddead..0000000
--- a/modules/mail/files/dkim_signing.conf
+++ /dev/null
@@ -1 +0,0 @@
-use_esld = false;
diff --git a/modules/mail/files/docker-compose.yml b/modules/mail/files/docker-compose.yml
deleted file mode 100644
index 747ba65..0000000
--- a/modules/mail/files/docker-compose.yml
+++ /dev/null
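Review bot: The fact script emits a bare IP address, but Facter external facts under `facts.d` have to print `key=value` lines, so as written no `bind_address` fact is defined and `<%= @bind_address %>` in the compose template renders empty; the last line should be `printf 'bind_address=%s\n' "$(curl -sf --max-time 5 http://169.254.169.254/metadata/v1/interfaces/public/0/ipv4/address)"`. The added `-f` and `--max-time` matter on their own: with plain `-s`, an HTML error page from the metadata service would become the fact value and be spliced into the port bindings, and an unreachable endpoint would hang every Puppet run. `set -o pipefail` is also not understood by older dash-style `/bin/sh` implementations (there is no pipeline here anyway), and under `set -e` that error aborts the script before curl runs, so either drop the line or use `#!/bin/bash`.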
@@ -1,97 +0,0 @@
-version: '2'
-
-services:
-
- front:
- image: mailu/nginx:$VERSION
- restart: always
- env_file: .env
- ports:
- - "$BIND_ADDRESS4:80:80"
- - "$BIND_ADDRESS4:443:443"
- - "$BIND_ADDRESS4:110:110"
- - "$BIND_ADDRESS4:143:143"
- - "$BIND_ADDRESS4:993:993"
- - "$BIND_ADDRESS4:995:995"
- - "$BIND_ADDRESS4:25:25"
- - "$BIND_ADDRESS4:465:465"
- - "$BIND_ADDRESS4:587:587"
- volumes:
- - "$ROOT/certs:/certs"
-
- redis:
- image: redis:alpine
- restart: always
- volumes:
- - "$ROOT/redis:/data"
-
- imap:
- image: mailu/dovecot:$VERSION
- restart: always
- env_file: .env
- volumes:
- - "$ROOT/data:/data"
- - "$ROOT/mail:/mail"
- - "$ROOT/overrides:/overrides"
- depends_on:
- - front
-
- smtp:
- image: mailu/postfix:$VERSION
- restart: always
- env_file: .env
- volumes:
- - "$ROOT/data:/data"
- - "$ROOT/overrides:/overrides"
- depends_on:
- - front
-
- antispam:
- image: mailu/rspamd:$VERSION
- restart: always
- env_file: .env
- volumes:
- - "$ROOT/filter:/var/lib/rspamd"
- - "$ROOT/dkim:/dkim"
- - "$ROOT/overrides/rspamd:/etc/rspamd/override.d"
- depends_on:
- - front
-
- antivirus:
- image: mailu/$ANTIVIRUS:$VERSION
- restart: always
- env_file: .env
- volumes:
- - "$ROOT/filter:/data"
-
- webdav:
- image: mailu/$WEBDAV:$VERSION
- restart: always
- env_file: .env
- volumes:
- - "$ROOT/dav:/data"
-
- admin:
- image: mailu/admin:$VERSION
- restart: always
- env_file: .env
- volumes:
- - "$ROOT/data:/data"
- - "$ROOT/dkim:/dkim"
- - /var/run/docker.sock:/var/run/docker.sock:ro
- depends_on:
- - redis
-
- webmail:
- image: "mailu/$WEBMAIL:$VERSION"
- restart: always
- env_file: .env
- volumes:
- - "$ROOT/webmail:/data"
-
- fetchmail:
- image: mailu/fetchmail:$VERSION
- restart: always
- env_file: .env
- volumes:
- - "$ROOT/data:/data"
diff --git a/modules/mail/files/env b/modules/mail/files/env
deleted file mode 100644
index ab79b29..0000000
--- a/modules/mail/files/env
+++ /dev/null
@@ -1,26 +0,0 @@
-ROOT=/media/persistent
-VERSION=1.5
-DOMAIN=new.tozt.net
-HOSTNAMES=newsmtp.tozt.net
-POSTMASTER=admin
-TLS_FLAVOR=letsencrypt
-AUTH_RATELIMIT=10/minute;1000/hour
-DISABLE_STATISTICS=True
-ADMIN=true
-WEBMAIL=rainloop
-WEBDAV=radicale
-ANTIVIRUS=none
-MESSAGE_SIZE_LIMIT=50000000
-RELAYNETS=172.16.0.0/12
-RELAYHOST=
-FETCHMAIL_DELAY=600
-RECIPIENT_DELIMITER=+
-DMARC_RUA=admin
-DMARC_RUF=admin
-WELCOME=false
-WEB_ADMIN=/admin
-WEB_WEBMAIL=/webmail
-SITENAME=tozt.net
-WEBSITE=https://tozt.net/
-COMPOSE_PROJECT_NAME=mailu
-PASSWORD_SCHEME=SHA512-CRYPT
diff --git a/modules/mail/files/mailu.env b/modules/mail/files/mailu.env
new file mode 100644
index 0000000..2b58dae
--- /dev/null
+++ b/modules/mail/files/mailu.env
@@ -0,0 +1,159 @@
+# Mailu main configuration file
+#
+# Generated for compose flavor
+#
+# This file is autogenerated by the configuration management wizard.
+# For a detailed list of configuration variables, see the documentation at
+# https://mailu.io
+
+###################################
+# Common configuration variables
+###################################
+
+# Set this to the path where Mailu data and configuration is stored
+# This variable is now set directly in `docker-compose.yml by the setup utility
+# ROOT=/media/persistent
+
+# Mailu version to run (1.0, 1.1, etc. or master)
+#VERSION=1.6
+
+# Set to a randomly generated 16 bytes string
+SECRET_KEY=KBLWPEM0GW3950ET
+
+# Address where listening ports should bind
+# This variables are now set directly in `docker-compose.yml by the setup utility
+# PUBLIC_IPV4= 127.0.0.1 (default: 127.0.0.1)
+# PUBLIC_IPV6= ::1 (default: ::1)
+
+# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
+SUBNET=192.168.203.0/24
+
+# Main mail domain
+DOMAIN=new.tozt.net
+
+# Hostnames for this server, separated with comas
+HOSTNAMES=newsmtp.tozt.net
+
+# Postmaster local part (will append the main mail domain)
+POSTMASTER=admin
+
+# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
+TLS_FLAVOR=letsencrypt
+
+# Authentication rate limit (per source IP address)
+AUTH_RATELIMIT=10/minute;1000/hour
+
+# Opt-out of statistics, replace with "True" to opt out
+DISABLE_STATISTICS=True
+
+###################################
+# Optional features
+###################################
+
+# Expose the admin interface (value: true, false)
+ADMIN=true
+
+# Choose which webmail to run if any (values: roundcube, rainloop, none)
+WEBMAIL=rainloop
+
+# Dav server implementation (value: radicale, none)
+WEBDAV=radicale
+
+# Antivirus solution (value: clamav, none)
+#ANTIVIRUS=none
+
+#Antispam solution
+ANTISPAM=none
+
+###################################
+# Mail settings
+###################################
+
+# Message size limit in bytes
+# Default: accept messages up to 50MB
+# Max attachment size will be 33% smaller
+MESSAGE_SIZE_LIMIT=50000000
+
+# Networks granted relay permissions
+# Use this with care, all hosts in this networks will be able to send mail without authentication!
+RELAYNETS=
+
+# Will relay all outgoing mails if configured
+RELAYHOST=
+
+# Fetchmail delay
+FETCHMAIL_DELAY=600
+
+# Recipient delimiter, character used to delimiter localpart from custom address part
+RECIPIENT_DELIMITER=+
+
+# DMARC rua and ruf email
+DMARC_RUA=admin
+DMARC_RUF=admin
+
+# Welcome email, enable and set a topic and body if you wish to send welcome
+# emails to all users.
+WELCOME=false
+WELCOME_SUBJECT=Welcome to your new email account
+WELCOME_BODY=Welcome to your new email account, if you can read this, then it is configured properly!
+
+# Maildir Compression
+# choose compression-method, default: none (value: bz2, gz)
+COMPRESSION=
+# change compression-level, default: 6 (value: 1-9)
+COMPRESSION_LEVEL=
+
+###################################
+# Web settings
+###################################
+
+# Path to redirect / to
+WEBROOT_REDIRECT=/webmail
+
+# Path to the admin interface if enabled
+WEB_ADMIN=/admin
+
+# Path to the webmail if enabled
+WEB_WEBMAIL=/webmail
+
+# Website name
+SITENAME=tozt.net
+
+# Linked Website URL
+WEBSITE=https://tozt.net
+
+
+
+###################################
+# Advanced settings
+###################################
+
+# Log driver for front service. Possible values:
+# json-file (default)
+# journald (On systemd platforms, useful for Fail2Ban integration)
+# syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!)
+# LOG_DRIVER=json-file
+
+# Docker-compose project name, this will prepended to containers names.
+COMPOSE_PROJECT_NAME=mailu
+
+# Default password scheme used for newly created accounts and changed passwords
+# (value: BLF-CRYPT, SHA512-CRYPT, SHA256-CRYPT, MD5-CRYPT, CRYPT)
+PASSWORD_SCHEME=BLF-CRYPT
+
+# Header to take the real ip from
+REAL_IP_HEADER=
+
+# IPs for nginx set_real_ip_from (CIDR list separated by commas)
+REAL_IP_FROM=
+
+# choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no)
+REJECT_UNLISTED_RECIPIENT=
+
+# Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET)
+LOG_LEVEL=WARNING
+
+###################################
+# Database settings
+###################################
+DB_FLAVOR=sqlite
diff --git a/modules/mail/files/service b/modules/mail/files/mailu.service
index 2c3712e..2c3712e 100644
--- a/modules/mail/files/service
+++ b/modules/mail/files/mailu.service
diff --git a/modules/mail/manifests/mailu.pp b/modules/mail/manifests/mailu.pp
index dd53440..3aead66 100644
--- a/modules/mail/manifests/mailu.pp
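Review bot: `SECRET_KEY=KBLWPEM0GW3950ET` checks a session-signing secret into the module, even though the manifest already generates a per-host key and appends it (presumably as another `SECRET_KEY=` line) from `/media/persistent/secret-key` to the same env file; the result carries two `SECRET_KEY` lines, and while compose's env_file parsing generally lets the later one win, nothing here documents that precedence. Drop the value from the committed file and leave a pointer instead, e.g. `# SECRET_KEY is appended from /media/persistent/secret-key by Puppet`, and if this repository is published, treat the committed value as burned since it is now in history. `RELAYNETS=` is now empty where the old env allowed `172.16.0.0/12`, which is the safer default for a `192.168.203.0/24` compose network, but a one-line comment confirming the change was deliberate would help the next reader.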
+++ b/modules/mail/manifests/mailu.pp
@@ -3,52 +3,13 @@ class mail::mailu {
 include docker
 include haveged
- package { "opendkim":
- ensure => installed;
- }
-
 file { "/media/persistent/docker-compose.yml":
- source => "puppet:///modules/mail/docker-compose.yml",
- require => Class["mail::persistent"];
- "/media/persistent/.env.tmpl":
- source => "puppet:///modules/mail/env",
- require => Class["mail::persistent"];
- "/media/persistent/certs":
- ensure => directory,
- require => Class["mail::persistent"];
- "/media/persistent/dkim":
- ensure => directory,
+ content => template("mail/docker-compose.yml.erb"),
 require => Class["mail::persistent"];
- "/media/persistent/certs/dhparam.pem":
- source => "puppet:///modules/mail/dhparam.pem",
- require => File["/media/persistent/certs"];
- "/media/persistent/overrides":
- ensure => directory,
+ "/media/persistent/.env.common":
+ content => "puppet:///modules/mail/mailu.env",
 require => Class["mail::persistent"];
- "/media/persistent/overrides/rspamd":
- ensure => directory,
- require => File["/media/persistent/overrides"];
- "/media/persistent/overrides/rspamd/dkim_signing.conf":
- source => "puppet:///modules/mail/dkim_signing.conf",
- require => File["/media/persistent/overrides/rspamd"];
- }
-
- exec { "generate dkim keys":
- provider => shell,
- command => "
- opendkim-genkey -s dkim -d new.tozt.net
- mv dkim.private /media/persistent/dkim/new.tozt.net.dkim.key
- mv dkim.txt /media/persistent/dkim/new.tozt.net.dkim.pub
- ",
- cwd => "/media/persistent",
- creates => "/media/persistent/dkim/new.tozt.net.dkim.key",
- require => [
- Class["haveged"],
- Package["opendkim"],
- Class["mail::persistent"],
- File["/media/persistent/dkim"],
- ];
 }
 exec { "generate mailu secret key":
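Review bot: The new `"/media/persistent/.env.common"` resource uses `content => "puppet:///modules/mail/mailu.env"`, so Puppet writes that literal URL string into the file instead of fetching the module file; the `mailu.env` later assembled from it then carries none of the Mailu settings, and the stack would come up on whatever defaults the images ship with rather than this configuration. It should be `source => "puppet:///modules/mail/mailu.env",`, as the removed `.env.tmpl` resource did. Since `.env.common` and the derived `mailu.env` hold the relay and secret-key configuration, `mode => "0600"` on the resource is also worth adding; the `file {` block closes on the context `}` in this hunk, but the class continues beyond it.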
@@ -63,29 +24,18 @@ class mail::mailu {
 ]
 }
- exec { "find local ip address":
- provider => shell,
- command => "echo BIND_ADDRESS4=`curl -s http://169.254.169.254/metadata/v1/interfaces/public/0/ipv4/address` > /run/mailu_bind_address",
- creates => "/run/mailu_bind_address";
- }
-
 exec { "create env file":
 provider => shell,
- command => "cat /media/persistent/.env.tmpl /media/persistent/secret-key /run/mailu_bind_address > /media/persistent/.env",
- unless => "
- test -f /media/persistent/.env &&\
- test -f /run/mailu_bind_address &&\
- grep -F `cat /run/mailu_bind_address` /media/persistent/.env
- ",
+ command => "cat /media/persistent/.env.common /media/persistent/secret-key > /media/persistent/mailu.env",
+ creates => "/media/persistent/mailu.env",
 subscribe => [
 Exec["generate mailu secret key"],
- Exec["find local ip address"],
 File["/media/persistent/.env.tmpl"],
 ];
 }
 file { "/etc/systemd/system/mailu.service":
- source => "puppet:///modules/mail/service",
+ source => "puppet:///modules/mail/mailu.service",
 notify => Exec["/usr/bin/systemctl daemon-reload"];
 }
diff --git a/modules/mail/templates/docker-compose.yml.erb b/modules/mail/templates/docker-compose.yml.erb
new file mode 100644
index 0000000..75f4836
--- /dev/null
+++ b/modules/mail/templates/docker-compose.yml.erb
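Review bot: The `subscribe` list still names `File["/media/persistent/.env.tmpl"]`, a resource this commit deletes in favour of `/media/persistent/.env.common`, so unless it is declared elsewhere the catalog fails to compile with a missing-resource error; that entry should be `File["/media/persistent/.env.common"],`. Even then, Puppet's exec evaluates `creates` on refresh as well, so once `mailu.env` exists the subscription never rebuilds it and later edits to `.env.common` or a regenerated secret-key silently never reach the containers, whereas the removed `unless` at least re-ran when its input changed. Consider replacing `creates` with `unless => "cat /media/persistent/.env.common /media/persistent/secret-key | cmp -s - /media/persistent/mailu.env"`, or managing `mailu.env` as a `file` resource whose content is the two parts concatenated.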
@@ -0,0 +1,118 @@
+# This file is auto-generated by the Mailu configuration wizard.
+# Please read the documentation before attempting any change.
+# Generated for compose flavor
+
+version: '3.6'
+
+services:
+
+ # External dependencies
+ redis:
+ image: redis:alpine
+ restart: always
+ volumes:
+ - "/media/persistent/redis:/data"
+
+ # Core services
+ front:
+ image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-1.6}
+ restart: always
+ env_file: mailu.env
+ logging:
+ driver: json-file
+ ports:
+ - "<%= @bind_address %>:80:80"
+ - "<%= @bind_address %>:443:443"
+ - "<%= @bind_address %>:25:25"
+ - "<%= @bind_address %>:465:465"
+ - "<%= @bind_address %>:587:587"
+ - "<%= @bind_address %>:110:110"
+ - "<%= @bind_address %>:995:995"
+ - "<%= @bind_address %>:143:143"
+ - "<%= @bind_address %>:993:993"
+ volumes:
+ - "/media/persistent/certs:/certs"
+ - "/media/persistent/overrides/nginx:/overrides"
+
+ resolver:
+ image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-1.6}
+ env_file: mailu.env
+ restart: always
+ networks:
+ default:
+ ipv4_address: 192.168.203.254
+
+ admin:
+ image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-1.6}
+ restart: always
+ env_file: mailu.env
+ volumes:
+ - "/media/persistent/data:/data"
+ - "/media/persistent/dkim:/dkim"
+ depends_on:
+ - redis
+
+ imap:
+ image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-1.6}
+ restart: always
+ env_file: mailu.env
+ volumes:
+ - "/media/persistent/mail:/mail"
+ - "/media/persistent/overrides:/overrides"
+ depends_on:
+ - front
+
+ smtp:
+ image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-1.6}
+ restart: always
+ env_file: mailu.env
+ volumes:
+ - "/media/persistent/overrides:/overrides"
+ depends_on:
+ - front
+ - resolver
+ dns:
+ - 192.168.203.254
+
+ antispam:
+ image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-1.6}
+ restart: always
+ env_file: mailu.env
+ volumes:
+ - "/media/persistent/filter:/var/lib/rspamd"
+ - "/media/persistent/dkim:/dkim"
+ - "/media/persistent/overrides/rspamd:/etc/rspamd/override.d"
+ depends_on:
+ - front
+ - resolver
+ dns:
+ - 192.168.203.254
+
+ # Optional services
+
+ webdav:
+ image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-1.6}
+ restart: always
+ env_file: mailu.env
+ volumes:
+ - "/media/persistent/dav:/data"
+
+
+ # Webmail
+ webmail:
+ image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rainloop:${MAILU_VERSION:-1.6}
+ restart: always
+ env_file: mailu.env
+ volumes:
+ - "/media/persistent/webmail:/data"
+ depends_on:
+ - imap
+
+
+networks:
+ default:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 192.168.203.0/24 |