version: '3.7' services: # We run quickstart_test.go from this container, it connects to both mox instances. test: hostname: test.mox1.example image: mox_quickstart_test # We add our cfssl-generated CA (which is in the repo) and acme pebble CA # (generated each time pebble starts) to the list of trusted CA's, so the TLS # dials in quickstart_test.go succeed. command: ["sh", "-c", "set -ex; cat /quickstart/tmp-pebble-ca.pem /quickstart/tls/ca.pem >>/etc/ssl/certs/ca-certificates.crt; go test -tags quickstart"] volumes: - ./.go:/.go - ./testdata/quickstart/resolv.conf:/etc/resolv.conf - ./testdata/quickstart:/quickstart - .:/mox environment: GOCACHE: /.go/.cache/go-build depends_on: dns: condition: service_healthy # moxmail2 depends on moxacmepebble, we connect to both. moxmail2: condition: service_healthy networks: mailnet1: ipv4_address: 172.28.1.50 # First mox instance that uses ACME with pebble. moxacmepebble: hostname: moxacmepebble.mox1.example domainname: mox1.example image: mox_quickstart_moxmail environment: MOX_UID: "${MOX_UID}" command: ["sh", "-c", "/quickstart/moxacmepebble.sh"] volumes: - ./testdata/quickstart/resolv.conf:/etc/resolv.conf - ./testdata/quickstart:/quickstart healthcheck: test: netstat -nlt | grep ':25 ' interval: 1s timeout: 1s retries: 10 depends_on: dns: condition: service_healthy acmepebble: condition: service_healthy networks: mailnet1: ipv4_address: 172.28.1.10 # Second mox instance, with TLS cert/keys from files. moxmail2: hostname: moxmail2.mox2.example domainname: mox2.example image: mox_quickstart_moxmail environment: MOX_UID: "${MOX_UID}" command: ["sh", "-c", "/quickstart/moxmail2.sh"] volumes: - ./testdata/quickstart/resolv.conf:/etc/resolv.conf - ./testdata/quickstart:/quickstart healthcheck: test: netstat -nlt | grep ':25 ' interval: 1s timeout: 1s retries: 10 depends_on: dns: condition: service_healthy acmepebble: condition: service_healthy # moxacmepebble creates tmp-pebble-ca.pem, needed by moxmail2 to trust the certificates offered by moxacmepebble. moxacmepebble: condition: service_healthy networks: mailnet1: ipv4_address: 172.28.1.20 dns: hostname: dns.example build: dockerfile: Dockerfile.dns # todo: figure out how to build from dockerfile with empty context without creating empty dirs in file system. context: testdata/quickstart volumes: - ./testdata/quickstart/resolv.conf:/etc/resolv.conf - ./testdata/quickstart:/quickstart # We start with a base example.zone, but moxacmepebble appends its records, # followed by moxmail2. They restart unbound after appending records. command: ["sh", "-c", "set -ex; ls -l /etc/resolv.conf; chmod o+r /etc/resolv.conf; install -m 640 -o unbound /quickstart/unbound.conf /etc/unbound/; chmod 755 /quickstart; chmod 644 /quickstart/*.zone; cp /quickstart/example.zone /quickstart/example-quickstart.zone; ls -ld /quickstart /quickstart/reverse.zone; unbound -d -p -v"] healthcheck: test: netstat -nlu | grep '172.28.1.30:53 ' interval: 1s timeout: 1s retries: 10 networks: mailnet1: ipv4_address: 172.28.1.30 # pebble is a small acme server useful for testing. It creates a new CA # certificate each time it starts, so we go through some trouble to configure the # certificate in moxacmepebble and moxmail2. acmepebble: hostname: acmepebble.example image: docker.io/letsencrypt/pebble:v2.3.1@sha256:fc5a537bf8fbc7cc63aa24ec3142283aa9b6ba54529f86eb8ff31fbde7c5b258 volumes: - ./testdata/quickstart/resolv.conf:/etc/resolv.conf - ./testdata/quickstart:/quickstart command: ["sh", "-c", "set -ex; mount; ls -l /etc/resolv.conf; chmod o+r /etc/resolv.conf; pebble -config /quickstart/pebble-config.json"] ports: - 14000:14000 # ACME port - 15000:15000 # Management port healthcheck: test: netstat -nlt | grep ':14000 ' interval: 1s timeout: 1s retries: 10 depends_on: dns: condition: service_healthy networks: mailnet1: ipv4_address: 172.28.1.40 networks: mailnet1: driver: bridge ipam: driver: default config: - subnet: "172.28.1.0/24"