mirror of
https://blitiri.com.ar/repos/chasquid
synced 2025-12-17 14:37:02 +00:00
e98464c424
This patch adds a new docker directory, which contains a Dockerfile plus some additional configuration for creating a container that runs chasquid+dovecot+letsencrypt. It also updates the gitlab CI pipeline to automatically build and publish an image on each commit. This is experimental and likely to break.
106 lines
3.1 KiB
Bash
Executable File
106 lines
3.1 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# Script that is used as a Docker entrypoint.
|
|
#
|
|
|
|
set -e
|
|
|
|
if ! grep -q data /proc/mounts; then
|
|
echo "/data is not mounted."
|
|
echo "Check that the /data volume is set up correctly."
|
|
exit 1
|
|
fi
|
|
|
|
# Create the directory structure if it's not there.
|
|
# Some of these directories are symlink targets, see the Dockerfile.
|
|
mkdir -p /data/chasquid
|
|
mkdir -p /data/letsencrypt
|
|
mkdir -p /data/chasquid
|
|
mkdir -p /data/chasquid/domains
|
|
mkdir -p /data/dovecot
|
|
|
|
# Set up the certificates for the requested domains.
|
|
if [ "$AUTO_CERTS" != "" ]; then
|
|
# If we were given an email to use for letsencrypt, use it. Otherwise
|
|
# continue without one.
|
|
MAIL_OPTS="--register-unsafely-without-email"
|
|
if [ "$CERTS_MAIL" != "" ]; then
|
|
MAIL_OPTS="-m $CERTS_MAIL"
|
|
fi
|
|
|
|
for DOMAIN in $(echo $AUTO_CERTS); do
|
|
# If it has never been set up, then do so.
|
|
if ! [ -e /etc/letsencrypt/live/$DOMAIN/fullchain.pem ]; then
|
|
certbot certonly \
|
|
--non-interactive \
|
|
--standalone \
|
|
--agree-tos \
|
|
$MAIL_OPTS \
|
|
-d $DOMAIN
|
|
else
|
|
echo "$DOMAIN certificate already set up."
|
|
fi
|
|
done
|
|
|
|
# Renew on startup, since the container won't have cron facilities.
|
|
# Note this requires you to restart every week or so, to make sure
|
|
# your certificate does not expire.
|
|
certbot renew
|
|
fi
|
|
|
|
CERT_DOMAINS=""
|
|
for i in $(ls /etc/letsencrypt/live/); do
|
|
if [ -e "/etc/letsencrypt/live/$i/fullchain.pem" ]; then
|
|
CERT_DOMAINS="$CERT_DOMAINS $i"
|
|
fi
|
|
done
|
|
|
|
# We need one domain to use as a default - pick the last one.
|
|
ONE_DOMAIN=$i
|
|
|
|
# Check that there's at least once certificate at this point.
|
|
if [ "$CERT_DOMAINS" == "" ]; then
|
|
echo "No certificates found."
|
|
echo
|
|
echo "Set AUTO_CERTS='example.com' to automatically get one."
|
|
exit 1
|
|
fi
|
|
|
|
# Give chasquid access to the certificates.
|
|
# Dovecot does not need this as it reads them as root.
|
|
setfacl -R -m u:chasquid:rX /etc/letsencrypt/{live,archive}
|
|
|
|
# Give chasquid access to the data directory.
|
|
mkdir -p /data/chasquid/data
|
|
chown -R chasquid /data/chasquid/
|
|
|
|
# Give dovecot access to the mailbox home.
|
|
mkdir -p /data/mail/
|
|
chown dovecot:dovecot /data/mail/
|
|
|
|
# Generate the dovecot ssl configuration based on all the certificates we have.
|
|
# The default goes first because dovecot complains otherwise.
|
|
echo "# Autogenerated by entrypoint.sh" > /etc/dovecot/auto-ssl.conf
|
|
cat >> /etc/dovecot/auto-ssl.conf <<EOF
|
|
ssl_cert = </etc/letsencrypt/live/$ONE_DOMAIN/fullchain.pem
|
|
ssl_key = </etc/letsencrypt/live/$ONE_DOMAIN/privkey.pem
|
|
EOF
|
|
for DOMAIN in $CERT_DOMAINS; do
|
|
echo "local_name $DOMAIN {"
|
|
echo " ssl_cert = </etc/letsencrypt/live/$DOMAIN/fullchain.pem"
|
|
echo " ssl_key = </etc/letsencrypt/live/$DOMAIN/privkey.pem"
|
|
echo "}"
|
|
done >> /etc/dovecot/auto-ssl.conf
|
|
|
|
# Pick the default domain as default hostname for chasquid. This is only used
|
|
# in plain text sessions and on very rare cases, and it's mostly for aesthetic
|
|
# purposes.
|
|
echo "hostname: '$ONE_DOMAIN'" >> /etc/chasquid/chasquid.conf
|
|
|
|
|
|
# Start the services: dovecot in background, chasquid in foreground.
|
|
start-stop-daemon --start --quiet --pidfile /run/dovecot.pid \
|
|
--exec /usr/sbin/dovecot -- -c /etc/dovecot/dovecot.conf
|
|
|
|
sudo -u chasquid -g chasquid /usr/bin/chasquid $CHASQUID_FLAGS
|