Add config option for ipv6 usage (#312)

* add allow_ipv6 config option * add ipv6 config changes to cmdeploy * fix name of config option for ipv6 in config.py * move configure ipv6 before service start * Use templates for disabling ipv6 * lint * fix parameters in _configure_dovecot * dont pass domain to _configure_nginx * make disable_ipv6 boolean Co-authored-by: missytake <missytake@systemli.org> * implement namis suggestions reg boolean for ipv6 * Update chatmaild/src/chatmaild/config.py Co-authored-by: missytake <missytake@systemli.org> * ruff * ruff again :) * fix merge conflict * CI: add CI machine with IPv6 disabled * CI: fix sed statement * CI: fix ubuntu reset * CI: separate cert storage for staging2 and staging-ipv4 * add DNS records to proper zone * CI: ignore if folders are missing * CI: renames are not needed like this * CI: fix default DNS zone for ipv4 * CI: use debian 12 instead of ubuntu, tired of trying to guess the correct image * remove duplicared listen on 8443 * use jinja templates for disable_ipv6 * remove unused variable * add missing % sign in jinja tempalte * more fun with jinja syntax * CI: proper rsync paths for acme & DKIM caching * Changelog: add disable_ipv6 config option --------- Co-authored-by: missytake <missytake@systemli.org> Co-authored-by: holger krekel <holger@merlinux.eu>
2026-05-10 16:04:37 +00:00 · 2024-07-28 20:06:24 +02:00
parent ac1f2dadad
commit 1331e7e77a
9 changed files with 149 additions and 5 deletions
--- a/cmdeploy/src/cmdeploy/init.py
+++ b/cmdeploy/src/cmdeploy/init.py
@@ -268,6 +268,7 @@ def _configure_postfix(config: Config, debug: bool = False) -> bool:
        group="root",
        mode="644",
        config=config,
+        disable_ipv6=config.disable_ipv6,
    )
    need_restart |= main_config.changed

@@ -318,6 +319,7 @@ def _configure_dovecot(config: Config, debug: bool = False) -> bool:
        mode="644",
        config=config,
        debug=debug,
+        disable_ipv6=config.disable_ipv6,
    )
    need_restart |= main_config.changed
    auth_config = files.put(
@@ -362,7 +364,7 @@ def _configure_dovecot(config: Config, debug: bool = False) -> bool:
    return need_restart


-def _configure_nginx(domain: str, debug: bool = False) -> bool:
+def _configure_nginx(config: Config, debug: bool = False) -> bool:
    """Configures nginx HTTP server."""
    need_restart = False

@@ -372,7 +374,8 @@ def _configure_nginx(domain: str, debug: bool = False) -> bool:
        user="root",
        group="root",
        mode="644",
-        config={"domain_name": domain},
+        config={"domain_name": config.mail_domain},
+        disable_ipv6=config.disable_ipv6,
    )
    need_restart |= main_config.changed

@@ -382,7 +385,7 @@ def _configure_nginx(domain: str, debug: bool = False) -> bool:
        user="root",
        group="root",
        mode="644",
-        config={"domain_name": domain},
+        config={"domain_name": config.mail_domain},
    )
    need_restart |= autoconfig.changed

@@ -392,7 +395,7 @@ def _configure_nginx(domain: str, debug: bool = False) -> bool:
        user="root",
        group="root",
        mode="644",
-        config={"domain_name": domain},
+        config={"domain_name": config.mail_domain},
    )
    need_restart |= mta_sts_config.changed

@@ -556,7 +559,7 @@ def deploy_chatmail(config_path: Path) -> None:
    dovecot_need_restart = _configure_dovecot(config, debug=debug)
    postfix_need_restart = _configure_postfix(config, debug=debug)
    mta_sts_need_restart = _install_mta_sts_daemon()
-    nginx_need_restart = _configure_nginx(mail_domain)
+    nginx_need_restart = _configure_nginx(config)

    _remove_rspamd()
    opendkim_need_restart = _configure_opendkim(mail_domain, "opendkim")
--- a/cmdeploy/src/cmdeploy/dovecot/dovecot.conf.j2
+++ b/cmdeploy/src/cmdeploy/dovecot/dovecot.conf.j2
@@ -1,5 +1,9 @@
 ## Dovecot configuration file

+{% if disable_ipv6 %}
+listen = *
+{% endif %}
+
 protocols = imap lmtp

 auth_mechanisms = plain
--- a/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2
+++ b/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2
@@ -43,8 +43,11 @@ http {
 	gzip on;

 	server {
+  
 		listen 8443 ssl default_server;
+		{% if not disable_ipv6 %}
 		listen [::]:8443 ssl default_server;
+		{% endif %}

 		root /var/www/html;

@@ -96,7 +99,9 @@ http {
 	# Redirect www. to non-www
 	server {
 		listen 8443 ssl;
+		{% if not disable_ipv6 %}
 		listen [::]:8443 ssl;
+		{% endif %}
 		server_name www.{{ config.domain_name }};
 		return 301 $scheme://{{ config.domain_name }}$request_uri;
 		access_log syslog:server=unix:/dev/log,facility=local7;
--- a/cmdeploy/src/cmdeploy/postfix/main.cf.j2
+++ b/cmdeploy/src/cmdeploy/postfix/main.cf.j2
@@ -65,7 +65,11 @@ mailbox_size_limit = 0
 message_size_limit = {{config.max_message_size}}
 recipient_delimiter = +
 inet_interfaces = all
+{% if disable_ipv6 %}
+inet_protocols = ipv4
+{% else %}
 inet_protocols = all
+{% endif %}

 virtual_transport = lmtp:unix:private/dovecot-lmtp
 virtual_mailbox_domains = {{ config.mail_domain }}