From be14957a0e090372fe83e370a4b8ab0626ba8a3e Mon Sep 17 00:00:00 2001 
From: Benjamin Bohard Date: Wed, 18 Sep 2024 15:30:17 +0200 Subject: [PATCH] =?UTF-8?q?Ajout=20d=E2=80=99une=20passerelle=20de=20messa?= =?UTF-8?q?gerie=20pour=20les=20conteneurs.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- env/.env | 23 ++++++++++++- misc/images/mta/containers/Dockerfile | 33 +++++++++++++++++++ .../mta/containers/docker-entrypoint.sh | 33 +++++++++++++++++++ .../mta/containers/set-exim4-update-conf | 28 ++++++++++++++++ nine.sh | 32 +++++++++++++++--- .../01-mta/dockercompose/dockercompose.yml | 14 ++++++++ services/01-mta/env/.env | 4 +++ services/01-mta/misc/nine.sh | 22 +++++++++++++ services/01-mta/secrets/postfix_password.txt | 1 + .../dockercompose/dockercompose.yml | 2 +- .../dockercompose/dockercompose.yml | 2 +- .../30-minio/dockercompose/dockercompose.yml | 4 +-- .../dockercompose/dockercompose.yml | 2 +- .../30-redis/dockercompose/dockercompose.yml | 2 +- .../dockercompose/dockercompose.yml | 2 +- .../dockercompose/dockercompose.yml | 2 +- .../dockercompose/dockercompose.yml | 2 +- .../dockercompose/dockercompose.yml | 2 +- .../dockercompose/dockercompose.yml | 2 +- .../dockercompose/dockercompose.yml | 2 +- .../dockercompose/dockercompose.yml | 2 +- .../dockercompose/dockercompose.yml | 2 +- .../dockercompose/dockercompose.yml | 11 +++++++ services/90-fakesmtp/env/.env | 0 services/90-fakesmtp/misc/nine.sh | 22 +++++++++++++ .../dockercompose/dockercompose.yml | 2 +- 26 files changed, 232 insertions(+), 21 deletions(-) create mode 100755 misc/images/mta/containers/Dockerfile create mode 100644 misc/images/mta/containers/docker-entrypoint.sh create mode 100644 misc/images/mta/containers/set-exim4-update-conf create mode 100644 services/01-mta/dockercompose/dockercompose.yml create mode 100644 services/01-mta/env/.env create mode 100644 services/01-mta/misc/nine.sh create mode 100644 services/01-mta/secrets/postfix_password.txt create mode 100644 
services/90-fakesmtp/dockercompose/dockercompose.yml create mode 100644 services/90-fakesmtp/env/.env create mode 100644 services/90-fakesmtp/misc/nine.sh diff --git a/env/.env b/env/.env index b7a0f25..262b9cc 100644 --- a/env/.env +++ b/env/.env @@ -34,6 +34,28 @@ NINEAPACHE_SERVICE_NAME=nineapache NINEAPACHE_ACTIVATE=1 NINEAPACHE_LOCAL=1 +# MTA +# passerelle courriel +MTA_SERVICE_NAME=mta +MTA_ACTIVATE=1 +MTA_LOCAL=1 +MTA_RELAY_HOST= +MTA_RELAY_PORT= +MTA_RELAY_USER="user" + +# DEBUGING MTA +# fake-smtp server +FAKE_SMTP_NAME=fakesmtp +FAKE_SMTP_LOCAL=1 +FAKE_SMTP_ACTIVATE=1 +# si actif, il faut sans doute l’utiliser +# comme passerelle pour le service MTA +#if [ "$FAKE_SMTP_ACTIVATE" -eq 1 ] +#then +# MTA_RELAY_HOST="$FAKE_SMTP_NAME" +# MTA_RELAY_PORT=2525 +#fi + # MARIADB MARIADB_SERVICE_NAME=mariadb MARIADB_ACTIVATE=1 @@ -59,7 +81,6 @@ MINIO_HOST=${MINIO_SERVICE_NAME} MINIO_PORT=9000 MINIO_URL=${PROTOCOLE}://${WEB_URL}:9001 - # OPENLDAP # LDAP_SYNC Si MASTERIDENTITY = SQL permet la synchronisation des utilisateurs SQL vers LDAP OPENLDAP_SERVICE_NAME=openldap diff --git a/misc/images/mta/containers/Dockerfile b/misc/images/mta/containers/Dockerfile new file mode 100755 index 0000000..7364580 --- /dev/null +++ b/misc/images/mta/containers/Dockerfile 
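Review bot: The MTA defaults are inconsistent: `MTA_ACTIVATE=1` turns the gateway on while `MTA_RELAY_HOST=` and `MTA_RELAY_PORT=` are empty, so the `services/01-mta/env/.env` added in this commit builds `POSTFIX_RELAY_HOST` as the literal `:` and the container starts with no usable relay. The commented `if` block under `# DEBUGING MTA` never runs, since it is a comment, and a `.env` file is not executed as shell anyway; if the fake-SMTP fallback is wanted it belongs in `nine.sh` where the other variables are evaluated. `FAKE_SMTP_ACTIVATE=1` as the shipped default also starts the debugging relay in every deployment; consider `FAKE_SMTP_ACTIVATE=0` and `MTA_ACTIVATE=0` until the operator fills in `MTA_RELAY_HOST`.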
@@ -0,0 +1,33 @@
+FROM debian:buster-slim
+
+RUN set -eux; \
+ apt-get update; \
+ apt-get install -y \
+ exim4-daemon-light \
+ tini \
+ ; \
+ rm -rf /var/lib/apt/lists/*; \
+ ln -svfT /etc/hostname /etc/mailname
+
+# https://blog.dhampir.no/content/exim4-line-length-in-debian-stretch-mail-delivery-failed-returning-message-to-sender
+# https://serverfault.com/a/881197
+# https://bugs.debian.org/828801
+RUN echo "IGNORE_SMTP_LINE_LENGTH_LIMIT='true'" >> /etc/exim4/exim4.conf.localmacros
+
+RUN set -eux; \
+ mkdir -p /var/spool/exim4 /var/log/exim4; \
+ chown -R Debian-exim:Debian-exim /var/spool/exim4 /var/log/exim4
+
+COPY set-exim4-update-conf docker-entrypoint.sh /usr/local/bin/
+RUN set -eux; \
+ set-exim4-update-conf \
+ dc_eximconfig_configtype 'internet' \
+ dc_hide_mailname 'true' \
+ dc_local_interfaces '0.0.0.0 ; ::0' \
+ dc_other_hostnames '' \
+ dc_relay_nets '0.0.0.0/0' \
+ ;
+
+EXPOSE 25
+ENTRYPOINT ["docker-entrypoint.sh"]
+CMD ["exim", "-bd", "-v"]
diff --git a/misc/images/mta/containers/docker-entrypoint.sh b/misc/images/mta/containers/docker-entrypoint.sh
new file mode 100644
index 0000000..2fd38c1
--- /dev/null
+++ b/misc/images/mta/containers/docker-entrypoint.sh
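Review bot: `dc_relay_nets '0.0.0.0/0'` together with `dc_local_interfaces '0.0.0.0 ; ::0'` configures exim to relay for every client that can reach port 25, so the image is an open relay the moment that port is published or the container joins a wider network; restrict it to the compose network, e.g. `dc_relay_nets '172.16.0.0/12'` (constructed example, use the actual `nine-network` subnet), or document that 25 must never be exposed outside `nine-network`. `FROM debian:buster-slim` is an untagged-by-release base whose LTS support ended in June 2024, before this commit's date; `debian:bookworm-slim` is the current equivalent. The `apt-get install -y` call also lacks `--no-install-recommends` and version pins. Note that nothing in this commit builds this Dockerfile: `services/01-mta/dockercompose/dockercompose.yml` uses `image: postfix` instead of a `build:` pointing at `misc/images/mta/containers`.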
@@ -0,0 +1,33 @@
+#!/bin/bash
+set -Eeuo pipefail
+
+if [ "$1" = 'exim' ]; then
+ if [ -n "${GMAIL_USER:-}" ] && [ -n "${GMAIL_PASSWORD:-}" ]; then
+ # see https://wiki.debian.org/GmailAndExim4
+ export EXIM4_SMARTHOST='smtp.gmail.com::587' \
+ EXIM4_SMARTHOST_USER="$GMAIL_USER" \
+ EXIM4_SMARTHOST_PASSWORD="$GMAIL_PASSWORD"
+ fi
+ unset GMAIL_USER GMAIL_PASSWORD # scrub env of creds
+
+ if [ -n "${EXIM4_SMARTHOST:-}" ]; then
+ set-exim4-update-conf \
+ dc_eximconfig_configtype 'smarthost' \
+ dc_smarthost "$EXIM4_SMARTHOST"
+ if [ -n "${EXIM4_SMARTHOST_USER:-}" ] && [ -n "${EXIM4_SMARTHOST_PASSWORD:-}" ]; then
+ echo "*:$EXIM4_SMARTHOST_USER:$EXIM4_SMARTHOST_PASSWORD" > /etc/exim4/passwd.client
+ fi
+ fi
+ unset EXIM4_SMARTHOST EXIM4_SMARTHOST_USER EXIM4_SMARTHOST_PASSWORD # scrub env of creds
+
+ if [ "$(id -u)" = '0' ]; then
+ mkdir -p /var/spool/exim4 /var/log/exim4 || :
+ chown -R Debian-exim:Debian-exim /var/spool/exim4 /var/log/exim4 || :
+ fi
+
+ if [ "$$" = 1 ]; then
+ set -- tini -- "$@"
+ fi
+fi
+
+exec "$@"
diff --git a/misc/images/mta/containers/set-exim4-update-conf b/misc/images/mta/containers/set-exim4-update-conf
new file mode 100644
index 0000000..192dfd9
--- /dev/null
+++ b/misc/images/mta/containers/set-exim4-update-conf
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+conf='/etc/exim4/update-exim4.conf.conf'
+
+args=()
+while [ "$#" -gt 0 ]; do
+ key="$1"
+ value="$2"
+ shift 2
+
+ if ! grep -qE "^#?${key}=" "$conf"; then
+ echo >&2 "error: '$key' not found in '$conf'"
+ exit 1
+ fi
+
+ sed_escaped_value="$(sed -e 's/[\/&]/\\&/g' <<<"$value")"
+ args+=( -e "s/^#?(${key})=.*/\1='${sed_escaped_value}'/" )
+done
+
+if [ "${#args[@]}" -eq 0 ]; then
+ echo >&2 "error: nothing to do?"
+ exit 1
+fi
+
+set -x
+sed -ri "${args[@]}" "$conf"
+update-exim4.conf -v
diff --git a/nine.sh b/nine.sh
index cd76bfc..2e0ee45 100755
--- a/nine.sh
+++ b/nine.sh
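Review bot: The smarthost credentials are written with a plain `>` redirect, so `/etc/exim4/passwd.client` is created with the process umask (normally 022) and is readable by every user in the container, whereas Debian's exim4 expects it to be `root:Debian-exim` mode 0640. Create it with the right owner and mode before writing: `install -m 0640 -o root -g Debian-exim /dev/null /etc/exim4/passwd.client` on the line preceding the `echo`. The entrypoint also accepts the password only from the environment (`EXIM4_SMARTHOST_PASSWORD`/`GMAIL_PASSWORD`), while the compose side of this commit delivers it as a secret file via `POSTFIX_RELAY_PASSWORD_FILE=/run/secrets/postfix_password`; an `EXIM4_SMARTHOST_PASSWORD_FILE` variant read with `$(< "$EXIM4_SMARTHOST_PASSWORD_FILE")` would let the secret mount be used and keep the password out of `docker inspect`. Minor: with `set -u`, `[ "$1" = 'exim' ]` aborts with an unbound-variable error when the script is run with no arguments; `"${1:-}"` avoids that.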
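Review bot: `sed_escaped_value` escapes `/` and `&` but not `'`, so a value containing a single quote (a smarthost password is not passed here, but `dc_smarthost` and hostnames are) yields a broken `key='…'` line in `update-exim4.conf.conf` without any error. Escaping it the same way, `sed -e 's/[\/&'"'"']/\\&/g'`, or rejecting such values up front, would fail loudly instead. With `set -u`, an odd argument count fails on `value="$2"` with an unbound-variable message rather than a usage error; checking `[ "$#" -ge 2 ]` at the top of the loop gives a clearer diagnostic.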
@@ -123,18 +123,40 @@ env(){ # Construction du dockercompose dockercompose() { - echo "services:" > docker-compose.yml + echo "services:" > services.yml + echo "secrets:" > secrets.yml + echo "networks:" > networks.yml + echo " nine-network:" >> networks.yml + echo " name: nine-network" >> networks.yml for dir in $(ls -d "services"/[0-9][0-9]-* | sort); do # Construction du docker-compose if [ -f "$dir/dockercompose/dockercompose.yml" ]; then - cat "$dir/dockercompose/dockercompose.yml" >> docker-compose.yml + unset section + while read; do + case $REPLY in + "services:") + section=${REPLY%:} + ;; + "secrets:") + section=${REPLY%:} + ;; + "networks:") + section=${REPLY%:} + ;; + *) + if [ -n "$section" ]; then + echo "$REPLY" >> ${section}.yml + fi + ;; + + esac + done < "$dir/dockercompose/dockercompose.yml" fi done + cat services.yml secrets.yml networks.yml > docker-compose.yml + rm -f services.yml secrets.yml networks.yml - echo "networks:" >> docker-compose.yml - echo " nine-network:" >> docker-compose.yml - echo " name: nine-network" >> docker-compose.yml } #=========================================================================================================================================== diff --git a/services/01-mta/dockercompose/dockercompose.yml b/services/01-mta/dockercompose/dockercompose.yml new file mode 100644 index 0000000..c6a449e --- /dev/null +++ b/services/01-mta/dockercompose/dockercompose.yml @@ -0,0 +1,14 @@ +# Passerelle courriel pour les autres conteneurs +services: + mta: + image: postfix + container_name: mta + restart: unless-stopped + env_file: ./services/01-mta/env/.env.merge + networks: + - nine-network + secrets: + - postfix_password +secrets: + postfix_password: + file: ./services/01-mta/secrets/postfix_password.txt diff --git a/services/01-mta/env/.env b/services/01-mta/env/.env new file mode 100644 index 0000000..4835432 --- /dev/null +++ b/services/01-mta/env/.env 
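Review bot: `while read; do … done < file` drops a final line that has no trailing newline and, without `-r`, consumes backslashes, which is presumably why this commit also had to fix the missing newline at the end of `services/30-minio/dockercompose/dockercompose.yml`; use `while IFS= read -r || [ -n "$REPLY" ]; do` so every line is copied verbatim. The `case` only recognises the three top-level keys: any other column-0 key in a service file (a top-level `volumes:`, for example) is appended to whichever section is current and silently corrupts the merged `docker-compose.yml`, so the `*)` branch should at least reject unindented lines with an error. The scratch files `services.yml`, `secrets.yml` and `networks.yml` are written to the current directory and could clobber files of the same name; `mktemp`-based names would be safer. The `dockercompose` function is contained entirely in this hunk.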
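Review bot: `image: postfix` is an untagged image name and does not reference the exim-based Dockerfile this same commit adds under `misc/images/mta/containers`, so the `POSTFIX_*` variables in `services/01-mta/env/.env` are fed to whatever `postfix` resolves to on the registry while the new entrypoint expects `EXIM4_*`/`GMAIL_*`. If the intent is to run the image from this repository, replace the `image:` line with `build: ./misc/images/mta/containers`; otherwise pin the image with a tag or digest and document where `postfix` comes from. `env_file: ./services/01-mta/env/.env.merge` presumably refers to a file generated by `nine.sh` rather than one tracked in the repository; worth a comment, since the checked-in file is `.env`.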
@@ -0,0 +1,4 @@ +POSTFIX_HOSTNAME="nine.local" +POSTFIX_RELAY_HOST="$MTA_RELAY_HOST:$MTA_RELAY_PORT" +POSTFIX_RELAY_USER="$MTA_RELAY_USER" +POSTFIX_RELAY_PASSWORD_FILE="/run/secrets/postfix_password" diff --git a/services/01-mta/misc/nine.sh b/services/01-mta/misc/nine.sh new file mode 100644 index 0000000..3e27100 --- /dev/null +++ b/services/01-mta/misc/nine.sh @@ -0,0 +1,22 @@ +#!/bin/bash + +function upmta { + if [[ $MTA_ACTIVATE == 1 && $MTA_LOCAL == 1 ]] + then + Title ${MTA_SERVICE_NAME^^} + EchoVert "CONTAINER" + upservice ${MTA_SERVICE_NAME} + Echo + fi +} + +function destroymta { + if [[ $MTA_LOCAL == 1 ]] + then + Title "DESTROY ${MTA_SERVICE_NAME}" + + stop ${MTA_SERVICE_NAME} 1 + docker-compose rm -s -v -f "${MTA_SERVICE_NAME}" + echo "" + fi +} diff --git a/services/01-mta/secrets/postfix_password.txt b/services/01-mta/secrets/postfix_password.txt new file mode 100644 index 0000000..d97c5ea --- /dev/null +++ b/services/01-mta/secrets/postfix_password.txt @@ -0,0 +1 @@ +secret diff --git a/services/10-nineapache/dockercompose/dockercompose.yml b/services/10-nineapache/dockercompose/dockercompose.yml index db6f505..569422e 100644 --- a/services/10-nineapache/dockercompose/dockercompose.yml +++ b/services/10-nineapache/dockercompose/dockercompose.yml @@ -1,4 +1,4 @@ - +services: # Nineapache # Reverse proxy de l'ensemble des services # Seul port ouvert sur l'exterieur diff --git a/services/15-mariadb/dockercompose/dockercompose.yml b/services/15-mariadb/dockercompose/dockercompose.yml index 5c37a9a..853de7c 100644 --- a/services/15-mariadb/dockercompose/dockercompose.yml +++ b/services/15-mariadb/dockercompose/dockercompose.yml @@ -1,4 +1,4 @@ - +services: # Mariadb # Base de données des services # Port interne 3306 diff --git a/services/30-minio/dockercompose/dockercompose.yml b/services/30-minio/dockercompose/dockercompose.yml index 7831692..188bd79 100644 --- a/services/30-minio/dockercompose/dockercompose.yml 
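Review bot: `services/01-mta/secrets/postfix_password.txt` is added to version control with the placeholder `secret`; as soon as an operator replaces it with the real relay password it will be committed along with the next change unless the path is ignored. Track a `postfix_password.txt.example` instead, add `services/01-mta/secrets/postfix_password.txt` to `.gitignore`, and have `nine.sh` create the real file (mode 0600) on first run. The placeholder value also means that, with `MTA_RELAY_USER="user"` in `env/.env`, a fresh deployment silently tries to authenticate to the relay with `user`/`secret`.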
+++ b/services/30-minio/dockercompose/dockercompose.yml @@ -1,4 +1,4 @@ - +services: # Minio # Stocakge S3 # Port interne 9000 pour le stockage / Port interne 9001 pour l'interface web @@ -12,4 +12,4 @@ networks: - nine-network volumes: - - './services/30-minio/volume/data:/data' \ No newline at end of file + - './services/30-minio/volume/data:/data' diff --git a/services/30-openldap/dockercompose/dockercompose.yml b/services/30-openldap/dockercompose/dockercompose.yml index adf280e..b3c1328 100644 --- a/services/30-openldap/dockercompose/dockercompose.yml +++ b/services/30-openldap/dockercompose/dockercompose.yml @@ -1,4 +1,4 @@ - +services: # Openldap # Annuaire # Port interne 1389 & 1636 diff --git a/services/30-redis/dockercompose/dockercompose.yml b/services/30-redis/dockercompose/dockercompose.yml index 52b316f..79d1112 100644 --- a/services/30-redis/dockercompose/dockercompose.yml +++ b/services/30-redis/dockercompose/dockercompose.yml @@ -1,4 +1,4 @@ - +services: # Redis # Base de données redis pour les services qui souhaitent stocker leur session en bdd # Port interne 6379 diff --git a/services/40-keycloak/dockercompose/dockercompose.yml b/services/40-keycloak/dockercompose/dockercompose.yml index c618015..e2e1287 100644 --- a/services/40-keycloak/dockercompose/dockercompose.yml +++ b/services/40-keycloak/dockercompose/dockercompose.yml @@ -1,4 +1,4 @@ - +services: # Keycloak # serveur SSO # Port interne 8999 & 8443 diff --git a/services/50-dokuwiki/dockercompose/dockercompose.yml b/services/50-dokuwiki/dockercompose/dockercompose.yml index 3f9c164..ddd350e 100644 --- a/services/50-dokuwiki/dockercompose/dockercompose.yml +++ b/services/50-dokuwiki/dockercompose/dockercompose.yml @@ -1,4 +1,4 @@ - +services: # Dokuwiki # Wiki # Port interne 80 diff --git a/services/50-nextcloud/dockercompose/dockercompose.yml b/services/50-nextcloud/dockercompose/dockercompose.yml index 74f5600..cc4b3cd 100644 --- a/services/50-nextcloud/dockercompose/dockercompose.yml 
+++ b/services/50-nextcloud/dockercompose/dockercompose.yml @@ -1,4 +1,4 @@ - +services: # Nextcloud # Hébergement de fichiers et une plateforme de collaboration # Port interne 80 diff --git a/services/50-nineboard/dockercompose/dockercompose.yml b/services/50-nineboard/dockercompose/dockercompose.yml index 32e39e7..2051c21 100644 --- a/services/50-nineboard/dockercompose/dockercompose.yml +++ b/services/50-nineboard/dockercompose/dockercompose.yml @@ -1,4 +1,4 @@ - +services: # Nineboard # Tableaux de bord collaboratif # Port interne 80 diff --git a/services/50-ninegate/dockercompose/dockercompose.yml b/services/50-ninegate/dockercompose/dockercompose.yml index 19693dc..ef11684 100644 --- a/services/50-ninegate/dockercompose/dockercompose.yml +++ b/services/50-ninegate/dockercompose/dockercompose.yml @@ -1,4 +1,4 @@ - +services: # Ninegate # Portail collaboratif # Port interne 80 diff --git a/services/50-nineskeletor/dockercompose/dockercompose.yml b/services/50-nineskeletor/dockercompose/dockercompose.yml index d886920..d4e7d0c 100644 --- a/services/50-nineskeletor/dockercompose/dockercompose.yml +++ b/services/50-nineskeletor/dockercompose/dockercompose.yml @@ -1,4 +1,4 @@ - +services: # Nineskeletor # Portail collaboratif # Port interne 80 diff --git a/services/50-wordpress/dockercompose/dockercompose.yml b/services/50-wordpress/dockercompose/dockercompose.yml index d1319d2..dee5684 100644 --- a/services/50-wordpress/dockercompose/dockercompose.yml +++ b/services/50-wordpress/dockercompose/dockercompose.yml @@ -1,4 +1,4 @@ - +services: # Wordpress # Reseau de blog # Port interne 80 diff --git a/services/90-adminer/dockercompose/dockercompose.yml b/services/90-adminer/dockercompose/dockercompose.yml index f53a27e..b51c9b2 100644 --- a/services/90-adminer/dockercompose/dockercompose.yml +++ b/services/90-adminer/dockercompose/dockercompose.yml @@ -1,4 +1,4 @@ - +services: # Adminer # Gestionnaire BDD # Port interne 8080 
diff --git a/services/90-fakesmtp/dockercompose/dockercompose.yml b/services/90-fakesmtp/dockercompose/dockercompose.yml new file mode 100644 index 0000000..e0c3668 --- /dev/null +++ b/services/90-fakesmtp/dockercompose/dockercompose.yml @@ -0,0 +1,11 @@ +# Passerelle courriel pour les autres conteneurs +services: + fakesmtp: + image: reg.cadoles.com/cadoles/fake-smtp + container_name: fakesmtp + restart: unless-stopped + env_file: ./services/90-fakesmtp/env/.env.merge + networks: + - nine-network + ports: + - "8080:8080" diff --git a/services/90-fakesmtp/env/.env b/services/90-fakesmtp/env/.env new file mode 100644 index 0000000..e69de29 diff --git a/services/90-fakesmtp/misc/nine.sh b/services/90-fakesmtp/misc/nine.sh new file mode 100644 index 0000000..9db375d --- /dev/null +++ b/services/90-fakesmtp/misc/nine.sh @@ -0,0 +1,22 @@ +#!/bin/bash + +function upfakesmtp { + if [[ $FAKE_SMTP_ACTIVATE == 1 && $FAKE_SMTP_LOCAL == 1 ]] + then + Title ${FAKE_SMTP_NAME^^} + EchoVert "CONTAINER" + upservice ${FAKE_SMTP_NAME} + Echo + fi +} + +function destroyfakesmtp { + if [[ $FAKE_SMTP_LOCAL == 1 ]] + then + Title "DESTROY ${FAKE_SMTP_NAME}" + + stop ${FAKE_SMTP_NAME} 1 + docker-compose rm -s -v -f "${FAKE_SMTP_NAME}" + echo "" + fi +} diff --git a/services/90-phpldapadmin/dockercompose/dockercompose.yml b/services/90-phpldapadmin/dockercompose/dockercompose.yml index 57acf7f..d72615c 100644 --- a/services/90-phpldapadmin/dockercompose/dockercompose.yml +++ b/services/90-phpldapadmin/dockercompose/dockercompose.yml @@ -1,4 +1,4 @@ - +services: # Phpldapadmin # Gestionnaire Annuaire # Port interne 80
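Review bot: `ports: - "8080:8080"` publishes the fake-SMTP web interface on every host interface, and since `env/.env` in this commit ships `FAKE_SMTP_ACTIVATE=1` the debugging mailbox, which holds every message the platform sends, is reachable from the outside by default. Bind it to loopback, `- "127.0.0.1:8080:8080"`, or drop the mapping and reach it through the `nineapache` reverse proxy like the other services. `image: reg.cadoles.com/cadoles/fake-smtp` is also untagged and should carry a tag or digest. The same debugging-default concern applies to `FAKE_SMTP_ACTIVATE=1` in `env/.env`.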