mirror of
https://github.com/mjl-/mox.git
synced 2025-01-14 01:06:27 +03:00
05fd5c6947
with tls with acme (with pebble, a small acme server for testing), and with pregenerated keys/certs. the two mox instances are configured on their own domain. we launch a separate test container that connects to the first, submits a message for delivery to the second. we check if the message is delivered with an imap connection and the idle command.
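# Compose setup for the quickstart integration test: two mox instances (one
# using ACME against pebble, one with TLS cert/keys from files), a DNS
# container running unbound, the pebble ACME test server, and a test container
# that runs quickstart_test.go. All services are on mailnet1 with fixed addresses.
version: '3.7'

services:
  # We run quickstart_test.go from this container, it connects to both mox instances.
  test:
    hostname: test.mox1.example
    image: mox_quickstart_test
    # We add our cfssl-generated CA (which is in the repo) and acme pebble CA
    # (generated each time pebble starts) to the list of trusted CA's, so the TLS
    # dials in quickstart_test.go succeed.
    # The CA bundle being appended to is not on a mounted volume, so the extra
    # trust applies only inside this container. A CA that is committed to a
    # repository must never be added to a trust store outside of such a
    # throwaway test environment.
    command: ["sh", "-c", "set -ex; cat /quickstart/tmp-pebble-ca.pem /quickstart/tls/ca.pem >>/etc/ssl/certs/ca-certificates.crt; go test -tags quickstart"]
    volumes:
      - ./.go:/.go
      - ./testdata/quickstart/resolv.conf:/etc/resolv.conf
      - ./testdata/quickstart:/quickstart
      # The whole checkout is bind-mounted read-write into the container.
      - .:/mox
    environment:
      GOCACHE: /.go/.cache/go-build
    depends_on:
      dns:
        condition: service_healthy
      # moxmail2 depends on moxacmepebble, we connect to both.
      moxmail2:
        condition: service_healthy
    networks:
      mailnet1:
        ipv4_address: 172.28.1.50

  # First mox instance that uses ACME with pebble.
  moxacmepebble:
    hostname: moxacmepebble.mox1.example
    domainname: mox1.example
    image: mox_quickstart_moxmail
    environment:
      # Taken from the environment of whoever runs compose; an unset MOX_UID
      # is passed on as an empty string.
      MOX_UID: "${MOX_UID}"
    command: ["sh", "-c", "/quickstart/moxacmepebble.sh"]
    volumes:
      - ./testdata/quickstart/resolv.conf:/etc/resolv.conf
      - ./testdata/quickstart:/quickstart
    healthcheck:
      # Healthy once something listens on TCP port 25 (SMTP).
      test: netstat -nlt | grep ':25 '
      interval: 1s
      timeout: 1s
      retries: 10
    depends_on:
      dns:
        condition: service_healthy
      acmepebble:
        condition: service_healthy
    networks:
      mailnet1:
        ipv4_address: 172.28.1.10

  # Second mox instance, with TLS cert/keys from files.
  moxmail2:
    hostname: moxmail2.mox2.example
    domainname: mox2.example
    image: mox_quickstart_moxmail
    environment:
      MOX_UID: "${MOX_UID}"
    command: ["sh", "-c", "/quickstart/moxmail2.sh"]
    volumes:
      - ./testdata/quickstart/resolv.conf:/etc/resolv.conf
      - ./testdata/quickstart:/quickstart
    healthcheck:
      # Healthy once something listens on TCP port 25 (SMTP).
      test: netstat -nlt | grep ':25 '
      interval: 1s
      timeout: 1s
      retries: 10
    depends_on:
      dns:
        condition: service_healthy
      acmepebble:
        condition: service_healthy
      # moxacmepebble creates tmp-pebble-ca.pem, needed by moxmail2 to trust the certificates offered by moxacmepebble.
      moxacmepebble:
        condition: service_healthy
    networks:
      mailnet1:
        ipv4_address: 172.28.1.20

  dns:
    hostname: dns.example
    build:
      dockerfile: Dockerfile.dns
      # todo: figure out how to build from dockerfile with empty context without creating empty dirs in file system.
      context: testdata/quickstart
    volumes:
      - ./testdata/quickstart/resolv.conf:/etc/resolv.conf
      - ./testdata/quickstart:/quickstart
    # We start with a base example.zone, but moxacmepebble appends its records,
    # followed by moxmail2. They restart unbound after appending records.
    # The chmod calls below act on bind-mounted paths, so they also change the
    # permissions of resolv.conf and testdata/quickstart in the host checkout.
    command: ["sh", "-c", "set -ex; ls -l /etc/resolv.conf; chmod o+r /etc/resolv.conf; install -m 640 -o unbound /quickstart/unbound.conf /etc/unbound/; chmod 755 /quickstart; chmod 644 /quickstart/*.zone; cp /quickstart/example.zone /quickstart/example-quickstart.zone; ls -ld /quickstart /quickstart/reverse.zone; unbound -d -p -v"]
    healthcheck:
      # The address must match this service's ipv4_address on mailnet1.
      test: netstat -nlu | grep '172.28.1.30:53 '
      interval: 1s
      timeout: 1s
      retries: 10
    networks:
      mailnet1:
        ipv4_address: 172.28.1.30

  # pebble is a small acme server useful for testing. It creates a new CA
  # certificate each time it starts, so we go through some trouble to configure the
  # certificate in moxacmepebble and moxmail2.
  acmepebble:
    hostname: acmepebble.example
    # Pinned by digest, so the tag cannot be silently repointed to other content.
    image: docker.io/letsencrypt/pebble:v2.3.1@sha256:fc5a537bf8fbc7cc63aa24ec3142283aa9b6ba54529f86eb8ff31fbde7c5b258
    volumes:
      - ./testdata/quickstart/resolv.conf:/etc/resolv.conf
      - ./testdata/quickstart:/quickstart
    command: ["sh", "-c", "set -ex; mount; ls -l /etc/resolv.conf; chmod o+r /etc/resolv.conf; pebble -config /quickstart/pebble-config.json"]
    ports:
      # Published on the host's loopback address only. Without a host IP,
      # compose publishes a port on all host interfaces, which would expose the
      # test CA's ACME and management endpoints to the host's network. The other
      # services share mailnet1 with pebble, so they presumably do not depend on
      # these host ports; verify before widening the binding again.
      - "127.0.0.1:14000:14000" # ACME port
      - "127.0.0.1:15000:15000" # Management port
    healthcheck:
      # Healthy once something listens on TCP port 14000 (the ACME port).
      test: netstat -nlt | grep ':14000 '
      interval: 1s
      timeout: 1s
      retries: 10
    depends_on:
      dns:
        condition: service_healthy
    networks:
      mailnet1:
        ipv4_address: 172.28.1.40

networks:
  # Bridge network with a fixed subnet; every service above has a static
  # ipv4_address inside it.
  mailnet1:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: "172.28.1.0/24"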