vincent/homelab
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

create docker-mailserver job

Browse Source
This commit is contained in:
vincent 2023-10-01 19:30:23 +02:00
parent 0d2e2a3d52
commit 6705e06541
3 changed files with 202 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

161
nomad-job/dockermailserver.nomad Normal file
View File

@ -0,0 +1,161 @@
job "dockermailserver" {
datacenters = ["hetzner"]
priority = 90
type = "service"
meta {
forcedeploy = "0"
}
constraint {
attribute = "${attr.cpu.arch}"
value = "amd64"
}
group "dockermailserver" {
network {
mode = "host"
port "smtp" {
to = 25
}
port "imap" {
to = 10993
}
port "esmtp" {
to = 465
}
}
service {
name = "smtp"
port = "smtp"
tags = [
"traefik.enable=true",
"traefik.tcp.routers.smtp.service=smtp",
"traefik.tcp.routers.smtp.entrypoints=smtp",
"traefik.tcp.routers.smtp.rule=HostSNI(`*`)",
"traefik.tcp.routers.smtp.tls.passthrough=true",
"traefik.tcp.routers.smtp.tls=false",
"traefik.tcp.services.smtp.loadbalancer.proxyProtocol.version=1",
]
check {
name = "smtp_probe"
type = "tcp"
interval = "20s"
timeout = "2s"
}
}
service {
name = "esmtp"
port = "esmtp"
tags = [
"traefik.enable=true",
"traefik.tcp.routers.esmtp.service=esmtp",
"traefik.tcp.routers.esmtp.entrypoints=esmtp",
"traefik.tcp.routers.esmtp.rule=HostSNI(`*`)",
"traefik.tcp.routers.esmtp.tls.passthrough=true",
"traefik.tcp.services.esmtp.loadbalancer.proxyProtocol.version=1",
]
check {
name = "esmtp_probe"
type = "tcp"
interval = "20s"
timeout = "2s"
}
}
service {
name = "imap"
port = "imap"
tags = [
"traefik.enable=true",
"traefik.tcp.routers.imap.service=imap",
"traefik.tcp.routers.imap.entrypoints=imap",
"traefik.tcp.routers.imap.rule=HostSNI(`*`)",
"traefik.tcp.routers.imap.tls.passthrough=true",
"traefik.tcp.services.imap.loadbalancer.proxyProtocol.version=2",
]
check {
name = "imap_probe"
type = "tcp"
interval = "20s"
timeout = "2s"
}
}
service {
name = "certmail"
tags =[
"traefik.enable=true",
"traefik.http.routers.certmail.tls.domains[0].sans=mail.ducamps.eu",
"traefik.http.routers.certmail.tls.certresolver=myresolver",
]
}
# vault{
# policies= ["policy_name"]
#
#}
task "server" {
driver = "docker"
config {
image = "ghcr.io/docker-mailserver/docker-mailserver:edge"
ports = ["smtp", "esmtp", "imap"]
volumes = [
"/mnt/diskstation/nomad/dms/mail-data:/var/mail",
"/mnt/diskstation/nomad/dms/mail-state:/var/mail-state",
"/mnt/diskstation/nomad/dms/mail-logs:/var/log/mail",
"/mnt/diskstation/nomad/dms/config:/tmp/docker-mailserver",
"/etc/localtime:/etc/localtime",
"local/postfix-main.cf:/tmp/docker-mailserver/postfix-main.cf",
"local/postfix-master.cf:/tmp/docker-mailserver/postfix-master.cf",
"local/dovecot.cf:/tmp/docker-mailserver/dovecot.cf",
"/mnt/diskstation/nomad/traefik/acme.json:/etc/letsencrypt/acme.json"
]
}
env {
OVERRIDE_HOSTNAME = "mail.ducamps.eu"
DMS_VMAIL_UID = 1000000
DMS_VMAIL_GID = 100
SSL_TYPE= "letsencrypt"
SSL_DOMAIN= "mail.ducamps.eu"
LOG_LEVEL="debug"
}
template {
data = <<EOH
EOH
destination = "secrets/config"
env = true
}
template {
data = <<EOH
postscreen_upstream_proxy_protocol = haproxy
EOH
destination = "local/postfix-main.cf"
}
template {
data = <<EOH
submission/inet/smtpd_upstream_proxy_protocol=haproxy
submissions/inet/smtpd_upstream_proxy_protocol=haproxy
EOH
destination = "local/postfix-master.cf"
}
template {
data = <<EOH
haproxy_trusted_networks = 10.0.0.0/24, 127.0.0.0/8, 172.17.0.1
haproxy_timeout = 3 secs
service imap-login {
inet_listener imaps {
haproxy = yes
ssl = yes
port = 10993
}
}
EOH
destination = "local/dovecot.cf"
}
resources {
memory = 300
}
}
}
}

23
nomad-job/traefik-ingress.nomad
View File

@ -25,6 +25,18 @@ job "traefik-ingress" {
static = 2222 static = 2222
host_network = "public" host_network = "public"
} }
port "smtp" {
static = 25
host_network = "public"
}
port "esmtp" {
static = 465
host_network = "public"
}
port "imap" {
static= 993
host_network = "public"
}
} }
vault { vault {
policies = ["traefik"] policies = ["traefik"]
@ -60,7 +72,10 @@ job "traefik-ingress" {
"http", "http",
"https", "https",
"admin", "admin",
"ssh" "ssh",
"smtp",
"esmtp",
"imap",
] ]
volumes = [ volumes = [
"local/traefik.toml:/etc/traefik/traefik.toml", "local/traefik.toml:/etc/traefik/traefik.toml",
@ -96,6 +111,12 @@ job "traefik-ingress" {
address = ":443" address = ":443"
[entryPoints.traefik] [entryPoints.traefik]
address = ":9080" address = ":9080"
[entrypoints.smtp]
address = ":25"
[entrypoints.esmtp]
address = ":465"
[entrypoints.imap]
address = ":993"
[http.middlewares] [http.middlewares]
[http.middlewares.https-redirect.redirectscheme] [http.middlewares.https-redirect.redirectscheme]
scheme = "https" scheme = "https"

20
nomad-job/traefik-local.nomad
View File

@ -15,6 +15,15 @@ job "traefik-local" {
port "ssh" { port "ssh" {
static = 2222 static = 2222
} }
port "smtp" {
static = 25
}
port "esmtp" {
static = 465
}
port "imap" {
static= 993
}
port "admin" { port "admin" {
static = 9080 static = 9080
} }
@ -54,7 +63,10 @@ job "traefik-local" {
"http", "http",
"https", "https",
"admin", "admin",
"ssh" "ssh",
"smtp",
"esmtp",
"imap",
] ]
volumes = [ volumes = [
"local/traefik.toml:/etc/traefik/traefik.toml", "local/traefik.toml:/etc/traefik/traefik.toml",
@ -91,6 +103,12 @@ job "traefik-local" {
address = ":9080" address = ":9080"
[entrypoints.ssh] [entrypoints.ssh]
address = ":2222" address = ":2222"
[entrypoints.smtp]
address = ":25"
[entrypoints.esmtp]
address = ":465"
[entrypoints.imap]
address = ":993"
[http.middlewares] [http.middlewares]
[http.middlewares.https-redirect.redirectscheme] [http.middlewares.https-redirect.redirectscheme]
scheme = "https" scheme = "https"