Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 82551916bb |
11
.env.sample
11
.env.sample
@ -1,16 +1,14 @@
|
||||
TYPE=mailman3
|
||||
|
||||
DOMAIN=mailman3.example.com
|
||||
DOMAIN=lists.example.com
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
SERVE_FROM_DOMAIN=${DOMAIN}
|
||||
|
||||
MAILMAN_ADMIN_EMAIL=admin@example.com
|
||||
|
||||
# mailu smtp
|
||||
SMTP_HOST=mail_example_com_smtp
|
||||
# mailu network
|
||||
SMTP_NETWORK=mail_example_com_default
|
||||
SMTP_HOST=mail_example_com_smtp # mailu smtp
|
||||
SMTP_NETWORK=mail_example_com_default # mailu network
|
||||
SMTP_PORT=25
|
||||
|
||||
SECRET_DB_PASSWORD_VERSION=v1
|
||||
@ -26,6 +24,3 @@ SECRET_MAILMAN_REST_PASSWORD_VERSION=v1
|
||||
# KEYCLOAK_SSO_ENABLED=1
|
||||
# KEYCLOAK_DOMAIN=login.example.com
|
||||
# KEYCLOAK_REALM=sso-queens-united
|
||||
|
||||
# DEV_MODE_ENABLED=1
|
||||
# DEV_MODE_EMAIL=email@example.com
|
||||
|
||||
11
README.md
11
README.md
@ -40,17 +40,6 @@ This configuration assumes the following:
|
||||
5. `abra app deploy YOURAPPDOMAIN`
|
||||
6. Open the configured domain in your browser to finish set-up
|
||||
|
||||
|
||||
## Creating users / superusers and running manage.py in general for posterous.
|
||||
|
||||
1. Go to the `web` container `abra app run lists.example.com web bash`
|
||||
2. Set up the enivronment for the `manage.py` to work:
|
||||
a. `export SECRET_KEY=$(cat /run/secrets/django_secret_key)`
|
||||
b. `export DATABASE_PASSWORD=$(cat /run/secrets/db_password)`
|
||||
c. `export DATABASE_URL="postgres://${DATABASE_USER}:${DATABASE_PASSWORD}@${DATABASE_HOST}/${DATABASE_NAME}"`
|
||||
3. Then `manage.py` should work. For example, create a superuser with `python3 manage.py createsuperuser`.
|
||||
|
||||
|
||||
[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
|
||||
[`coop-cloud/traefik`]: https://git.autonomic.zone/coop-cloud/traefik
|
||||
[`coop-cloud/mailu`]: https://git.autonomic.zone/coop-cloud/mailu
|
||||
|
||||
46
abra.sh
46
abra.sh
@ -1,47 +1,5 @@
|
||||
export CORE_ENTRYPOINT_CONF_VERSION=v6
|
||||
export MAILMAN_EXTRA_CFG_VERSION=v1
|
||||
export CORE_ENTRYPOINT_CONF_VERSION=v3
|
||||
export MAILMAN_EXTRA_CFG_VERSION=v2
|
||||
export NGINX_CONF_VERSION=v1
|
||||
export SETTINGS_LOCAL_VERSION=v2
|
||||
export WEB_ENTRYPOINT_CONF_VERSION=v1
|
||||
|
||||
|
||||
file_env() {
|
||||
local var="$1"
|
||||
local fileVar="${var}_FILE"
|
||||
local def="${2:-}"
|
||||
|
||||
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
local val="$def"
|
||||
if [ "${!var:-}" ]; then
|
||||
val="${!var}"
|
||||
elif [ "${!fileVar:-}" ]; then
|
||||
val="$(< "${!fileVar}")"
|
||||
fi
|
||||
|
||||
declare -x -g "$var"="$val"
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
environment() {
|
||||
file_env "DATABASE_PASSWORD"
|
||||
file_env "HYPERKITTY_API_KEY"
|
||||
file_env "MAILMAN_REST_PASSWORD"
|
||||
file_env "SECRET_KEY"
|
||||
|
||||
declare -x -g "DATABASE_URL"="postgres://${DATABASE_USER}:${DATABASE_PASSWORD}@${DATABASE_HOST}/${DATABASE_NAME}"
|
||||
}
|
||||
|
||||
shell() {
|
||||
## Run a shell with proper environment
|
||||
environment
|
||||
bash $@
|
||||
}
|
||||
|
||||
manage() {
|
||||
environment
|
||||
python3 manage.py $@
|
||||
}
|
||||
|
||||
23
compose.yml
23
compose.yml
@ -3,7 +3,7 @@ version: "3.8"
|
||||
|
||||
services:
|
||||
core:
|
||||
image: "maxking/mailman-core:0.5"
|
||||
image: "maxking/mailman-core:0.3"
|
||||
hostname: mailman-core
|
||||
volumes:
|
||||
- "mailman-core:/opt/mailman/"
|
||||
@ -16,35 +16,32 @@ services:
|
||||
- hyperkitty_api_key
|
||||
- mailman_rest_password
|
||||
environment:
|
||||
- MM_HOSTNAME=core.${SMTP_NETWORK}
|
||||
- DATABASE_CLASS=mailman.database.postgresql.PostgreSQLDatabase
|
||||
- DATABASE_DB=mailman
|
||||
- DATABASE_HOST=${STACK_NAME}_db
|
||||
- DATABASE_HOST=db
|
||||
- DATABASE_NAME=mailman
|
||||
- DATABASE_PASSWORD_FILE=/run/secrets/db_password
|
||||
- DATABASE_TYPE=postgresql
|
||||
- DATABASE_TYPE=postgres
|
||||
- DATABASE_USER=mailman
|
||||
- HYPERKITTY_API_KEY_FILE=/run/secrets/hyperkitty_api_key
|
||||
- MAILMAN_HOSTNAME=mailman-core
|
||||
- MAILMAN_REST_PASSWORD_FILE=/run/secrets/mailman_rest_password
|
||||
- MAILMAN_REST_USER=restadmin
|
||||
- MTA=postfix
|
||||
- SMTP_HOST
|
||||
- SMTP_PORT
|
||||
- DEV_MODE_ENABLED
|
||||
- DEV_MODE_EMAIL
|
||||
- DOMAIN=lists-test.autonomic.zone
|
||||
configs:
|
||||
- source: mailman_extra_cfg
|
||||
target: /opt/mailman/core/mailman-extra.cfg
|
||||
target: /opt/mailman/mailman-extra.cfg
|
||||
- source: core_entrypoint_sh
|
||||
target: /usr/local/bin/docker-entrypoint-custom.sh
|
||||
mode: 0555
|
||||
entrypoint: /usr/local/bin/docker-entrypoint-custom.sh
|
||||
command: master --force
|
||||
deploy:
|
||||
endpoint_mode: dnsrr
|
||||
|
||||
web:
|
||||
image: "maxking/mailman-web:0.5"
|
||||
image: "maxking/mailman-web:0.3"
|
||||
hostname: mailman-web
|
||||
networks:
|
||||
- internal
|
||||
@ -57,7 +54,7 @@ services:
|
||||
- hyperkitty_api_key
|
||||
- mailman_rest_password
|
||||
environment:
|
||||
- DATABASE_HOST=${STACK_NAME}_db
|
||||
- DATABASE_HOST=db
|
||||
- DATABASE_NAME=mailman
|
||||
- DATABASE_PASSWORD_FILE=/run/secrets/db_password
|
||||
- DATABASE_TYPE=postgres
|
||||
@ -79,7 +76,7 @@ services:
|
||||
command: uwsgi --ini /opt/mailman-web/uwsgi.ini
|
||||
|
||||
app:
|
||||
image: "nginx:1.28.0"
|
||||
image: "nginx:1.21.1"
|
||||
environment:
|
||||
- DOMAIN
|
||||
- STACK_NAME
|
||||
@ -100,7 +97,7 @@ services:
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "coop-cloud.${STACK_NAME}.version=0.2.1+1.28.0"
|
||||
- "coop-cloud.${STACK_NAME}.version=0.1.0+1.21.1"
|
||||
|
||||
db:
|
||||
image: "postgres:13-alpine"
|
||||
|
||||
28
entrypoint.core.sh.tmpl
Executable file → Normal file
28
entrypoint.core.sh.tmpl
Executable file → Normal file
@ -32,13 +32,26 @@ file_env "DATABASE_PASSWORD"
|
||||
file_env "HYPERKITTY_API_KEY"
|
||||
file_env "MAILMAN_REST_PASSWORD"
|
||||
|
||||
export DATABASE_URL="postgresql://${DATABASE_USER}:${DATABASE_PASSWORD}@${DATABASE_HOST}/${DATABASE_NAME}"
|
||||
export DATABASE_URL="postgres://${DATABASE_USER}:${DATABASE_PASSWORD}@${DATABASE_HOST}/${DATABASE_NAME}"
|
||||
|
||||
# Diabolical hack to remove duplicate hostnames due to Docker shared networks
|
||||
# See https://git.autonomic.zone/coop-cloud/mailu/src/branch/main/compose.yml for more
|
||||
sed "/192.168/d" /etc/hosts > /etc/hosts-single-hostname
|
||||
cat /etc/hosts-single-hostname > /etc/hosts
|
||||
|
||||
# Diabolical hack to generate DKIM key for ARC, see:
|
||||
# https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/handlers/docs/arc_sign.html
|
||||
# https://gitlab.com/mailman/mailman/blob/master/src/mailman/config/schema.cfg#L655-734
|
||||
|
||||
apk add openssl
|
||||
|
||||
dkim_private_key_file="/opt/mailman/dkim-{{ env "DOMAIN" }}.pem"
|
||||
if [ ! -f "$dkim_private_key_file" ]; then
|
||||
openssl genrsa -out "$dkim_private_key_file" 2048
|
||||
fi
|
||||
dkim_pub_key=$(openssl rsa -in "$dkim_private_key_file" -pubout -outform der 2>/dev/null | openssl base64 -A)
|
||||
echo "DKIM public key: $dkim_pub_key"
|
||||
|
||||
# --- upstream entrypoint below ---
|
||||
|
||||
function wait_for_postgres () {
|
||||
@ -161,7 +174,7 @@ cat >> /etc/mailman.cfg << EOF
|
||||
sleep_time: 10s
|
||||
|
||||
[webservice]
|
||||
hostname: 0.0.0.0
|
||||
hostname: $MM_HOSTNAME
|
||||
port: $MAILMAN_REST_PORT
|
||||
admin_user: $MAILMAN_REST_USER
|
||||
admin_pass: $MAILMAN_REST_PASSWORD
|
||||
@ -234,15 +247,6 @@ then
|
||||
cat /opt/mailman/gunicorn-extra.cfg > /etc/gunicorn.cfg
|
||||
fi
|
||||
|
||||
if [ $DEV_MODE_ENABLED == "1" ]; then
|
||||
cat >> /etc/mailman.cfg <<__EOF
|
||||
[devmode]
|
||||
enabled: yes
|
||||
recipient: $DEV_MODE_EMAIL
|
||||
|
||||
__EOF
|
||||
fi
|
||||
|
||||
if [[ -v HYPERKITTY_API_KEY ]]; then
|
||||
|
||||
echo "HYPERKITTY_API_KEY found, setting up HyperKitty archiver..."
|
||||
@ -274,7 +278,7 @@ echo "HYPERKITTY_API_KEY not defined, skipping HyperKitty setup..."
|
||||
fi
|
||||
|
||||
# Generate the LMTP files for postfix if needed.
|
||||
su-exec mailman mailman aliases
|
||||
mailman aliases
|
||||
|
||||
# Now chown the places where mailman wants to write stuff.
|
||||
chown -Rf mailman /opt/mailman || true
|
||||
|
||||
@ -17,3 +17,19 @@ configuration: /etc/postfix-mailman.cfg
|
||||
# bounce from a list owner), will be sent to this address. It should point to
|
||||
# a human.
|
||||
site_owner: {{ env "MAILMAN_ADMIN_EMAIL" }}
|
||||
|
||||
[ARC]
|
||||
enabled: yes
|
||||
dmarc: yes
|
||||
dkim: yes
|
||||
authserv_id: {{ env "DOMAIN" }}
|
||||
|
||||
privkey: /opt/mailman/dkim-{{ env "DOMAIN" }}.pem
|
||||
selector: dkim
|
||||
domain: {{ env "DOMAIN" }}
|
||||
|
||||
# This configures the headers that will be cryptographically signed
|
||||
# This list is what is recommended by the DKIM & ARC specifications.
|
||||
# Inclusion of the From header is mandatory.
|
||||
sig_headers: From, Sender, Reply-To, Subject, Date, Message-ID, To, Cc, MIME-Version, Content-Type, Content-Transfer-Encoding, Content-ID, Content-Description, Resent-Date, Resent-From, Resent-Sender, Resent-To, Resent-Cc, Resent-Message-ID, In-Reply-To, References, List-Id, List-Help, List-Unsubscribe, List-Subscribe, List-Post, List-Owner, List-Archive
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user