[email] WIP

2025-04-08 16:32:19 -07:00
parent 604617f4f4
commit a468e87d49
5 changed files with 49 additions and 18 deletions


@@ -7,28 +7,14 @@ in {
image = "ghcr.io/docker-mailserver/docker-mailserver:latest"; image = "ghcr.io/docker-mailserver/docker-mailserver:latest";
hostname = "mail.${blazestar}"; hostname = "mail.${blazestar}";
autoStart = true; autoStart = true;
ports = [
"465:465"
"587:587"
"993:993"
];
volumes = [ volumes = [
"/tank/mailserver/mail-data:/var/mail" "/tank/mailserver/mail-data:/var/mail"
"/tank/mailserver/mail-state:/var/mail-state" "/tank/mailserver/mail-state:/var/mail-state"
"/tank/mailserver/mail-logs:/var/log/mail" "/tank/mailserver/mail-logs:/var/log/mail"
"/tank/mailserver/config:/tmp/docker-mailserver" "/tank/mailserver/config:/tmp/docker-mailserver"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
"/tank/config/traefik/acme/acme.json:/etc/letsencrypt/acme.json:ro"
]; ];
# environment = {
# See https://docker-mailserver.github.io/docker-mailserver/latest/config/environment/
# docker-mailserver uses 0 and 1 for false and true respectively
# ENABLE_RSPAMD="1";
# ENABLE_CLAMAV="1";
# ENABLE_FAIL2BAN="1";
# LOG_LEVEL="info";
# ENABLE_POP3="0";
# ENABLE_IMAP="1";
# };
environmentFiles = [ environmentFiles = [
./email/mailserver.env ./email/mailserver.env
]; ];
@@ -37,8 +23,7 @@ in {
"--cap-add=NET_ADMIN" "--cap-add=NET_ADMIN"
]; ];
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "false";
"traefik.tcp.routers.mail.service" = "mailserver";
}; };
}; };
} }
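Review bot: The added volume `/tank/config/traefik/acme/acme.json:/etc/letsencrypt/acme.json:ro` gives the mail container Traefik's whole ACME store, which holds the ACME account key and the private key of every certificate that resolver has issued, not only the one for the mail host. `:ro` stops writes but not reads, and this container also runs with `--cap-add=NET_ADMIN` from an unpinned `:latest` image, so a compromise of it would expose the keys of any other site served through the same resolver. Consider a dedicated certificate resolver with its own storage file for the mail certificate, or exporting only that certificate and key into the mount. Separately, the `ports` list is gone and the Traefik entry points added in this commit cover only 465 and 993, so port 587 appears to be no longer reachable; confirm that is intended.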


@@ -239,6 +239,7 @@ SMTP_ONLY=
# manual => Let's you manually specify locations of your SSL certificates for non-standard cases # manual => Let's you manually specify locations of your SSL certificates for non-standard cases
# self-signed => Enables self-signed certificates # self-signed => Enables self-signed certificates
SSL_TYPE=letsencrypt SSL_TYPE=letsencrypt
SSL_DOMAIL=mail.blazestar.net
# These are only supported with `SSL_TYPE=manual`. # These are only supported with `SSL_TYPE=manual`.
# Provide the path to your cert and key files that you've mounted access to within the container. # Provide the path to your cert and key files that you've mounted access to within the container.
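Review bot: The added line `SSL_DOMAIL=mail.blazestar.net` misspells the variable; docker-mailserver reads `SSL_DOMAIN`, so this setting is silently ignored. Certificate lookup then falls back to the container hostname, which may happen to match and hide the mistake until the hostname changes. The line should read `SSL_DOMAIN=mail.blazestar.net`.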


@@ -1,5 +1,5 @@
# Define a very simple webserver to act as a default homepage. # Define a very simple webserver to act as a default homepage.
{ pkgs, ... }: { ... }:
{ {
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
public-homepage = { public-homepage = {


@@ -0,0 +1,41 @@
http:
routers:
# A dummy route so that I can get certificates
mailserver-dummy:
service: public
rule: "Host(`mail.blazestar.net`)"
services:
public:
loadbalancer:
servers:
url: "http://public-homepage:80"
tcp:
routers:
docker-mailserver-esmtp:
service: docker-mailserver-esmtp
entryPoints:
- esmtp
rule: "HostSNI(`*`)"
# tls:
# # Send traffic through for the mail server to terminate.
# # This is required because some of the mail TLS is handled by upgrading connections.
# passthrough: true
# certResovler: letsencrypt
# domains:
# - main: "mail.blazestar.net"
# A host SNI rule is required (per documentation) for tls options.
# rule: "HostSNI(`mail.blazestar.net`)"
docker-mailserver-imap4:
service: docker-mailserver-imap4
entryPoints:
- imap4
rule: "HostSNI(`*`)"
services:
docker-mailserver-esmtp:
loadBalancer:
servers:
- address: "docker-mailserver:465"
docker-mailserver-imap4:
loadBalancer:
servers:
- address: "docker-mailserver:993"
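Review bot: Both TCP routers match every connection and forward it as a plain TCP stream with no PROXY protocol, so the mail server will see Traefik's address as the client for all SMTP and IMAP sessions. That weakens per-client controls in the mail stack (fail2ban-style bans, rate limits, IP-based spam checks) and makes the logs useless for attribution; whether fail2ban is enabled is set in the env file and not visible here. Consider enabling PROXY protocol on the two TCP services (Traefik's `proxyProtocol` option with `version: 2`) and configuring Postfix and Dovecot to accept it only from the proxy's address. Also, in the `http` service the `servers:` key is followed by a bare `url:` with no list dash, unlike the TCP services; Traefik expects a list there, so it should read `- url: "http://public-homepage:80"`.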


@@ -13,6 +13,10 @@ entryPoints:
certResolver: letsencrypt certResolver: letsencrypt
metrics: metrics:
address: ":8082" address: ":8082"
esmtp:
address: ":465"
imap4:
address: ":993"
api: api:
insecure: true insecure: true