Periodic/system-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[email] WIP

Browse Source
This commit is contained in:
Drew Haven
2025-04-08 16:32:19 -07:00
parent 604617f4f4
commit a468e87d49
5 changed files with 49 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
system/hosts/mcp/containers/email.nix
View File

@@ -7,28 +7,14 @@ in {
image = "ghcr.io/docker-mailserver/docker-mailserver:latest";
hostname = "mail.${blazestar}";
autoStart = true;
ports = [
"465:465"
"587:587"
"993:993"
];
volumes = [
"/tank/mailserver/mail-data:/var/mail"
"/tank/mailserver/mail-state:/var/mail-state"
"/tank/mailserver/mail-logs:/var/log/mail"
"/tank/mailserver/config:/tmp/docker-mailserver"
"/etc/localtime:/etc/localtime:ro"
"/tank/config/traefik/acme/acme.json:/etc/letsencrypt/acme.json:ro"
];
# environment = {
# See https://docker-mailserver.github.io/docker-mailserver/latest/config/environment/
# docker-mailserver uses 0 and 1 for false and true respectively
# ENABLE_RSPAMD="1";
# ENABLE_CLAMAV="1";
# ENABLE_FAIL2BAN="1";
# LOG_LEVEL="info";
# ENABLE_POP3="0";
# ENABLE_IMAP="1";
# };
environmentFiles = [
./email/mailserver.env
];
@@ -37,8 +23,7 @@ in {
"--cap-add=NET_ADMIN"
];
labels = {
"traefik.enable" = "true";
"traefik.tcp.routers.mail.service" = "mailserver";
"traefik.enable" = "false";
};
};
}

1
system/hosts/mcp/containers/email/mailserver.env
View File

@@ -239,6 +239,7 @@ SMTP_ONLY=
# manual => Let's you manually specify locations of your SSL certificates for non-standard cases
# self-signed => Enables self-signed certificates
SSL_TYPE=letsencrypt
SSL_DOMAIL=mail.blazestar.net
# These are only supported with `SSL_TYPE=manual`.
# Provide the path to your cert and key files that you've mounted access to within the container.

2
system/hosts/mcp/containers/public-homepage.nix
View File

@@ -1,5 +1,5 @@
# Define a very simple webserver to act as a default homepage.
{ pkgs, ... }:
{ ... }:
{
virtualisation.oci-containers.containers = {
public-homepage = {

41
system/hosts/mcp/containers/traefik/static/email.yaml Normal file
View File

@@ -0,0 +1,41 @@
http:
routers:
# A dummy route so that I can get certificates
mailserver-dummy:
service: public
rule: "Host(`mail.blazestar.net`)"
services:
public:
loadbalancer:
servers:
url: "http://public-homepage:80"
tcp:
routers:
docker-mailserver-esmtp:
service: docker-mailserver-esmtp
entryPoints:
- esmtp
rule: "HostSNI(`*`)"
# tls:
# # Send traffic through for the mail server to terminate.
# # This is required because some of the mail TLS is handled by upgrading connections.
# passthrough: true
# certResovler: letsencrypt
# domains:
# - main: "mail.blazestar.net"
# A host SNI rule is required (per documentation) for tls options.
# rule: "HostSNI(`mail.blazestar.net`)"
docker-mailserver-imap4:
service: docker-mailserver-imap4
entryPoints:
- imap4
rule: "HostSNI(`*`)"
services:
docker-mailserver-esmtp:
loadBalancer:
servers:
- address: "docker-mailserver:465"
docker-mailserver-imap4:
loadBalancer:
servers:
- address: "docker-mailserver:993"

4
system/hosts/mcp/containers/traefik/traefik.yaml
View File

@@ -13,6 +13,10 @@ entryPoints:
certResolver: letsencrypt
metrics:
address: ":8082"
esmtp:
address: ":465"
imap4:
address: ":993"
api:
insecure: true