cqrenet/relay
4
0
Fork 0
mirror of https://github.com/chatmail/relay.git synced 2026-05-19 20:38:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

docker: comments and cleanup

Browse Source
This commit is contained in:
j4n
2026-02-24 18:56:21 +01:00
parent c7c31fc588
commit ee6573efec
2 changed files with 19 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
docker/chatmail_relay.dockerfile
View File

@@ -8,15 +8,16 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
echo 'APT::Install-Recommends "0";' > /etc/apt/apt.conf.d/01norecommend && \ echo 'APT::Install-Recommends "0";' > /etc/apt/apt.conf.d/01norecommend && \
echo 'APT::Install-Suggests "0";' >> /etc/apt/apt.conf.d/01norecommend && \ echo 'APT::Install-Suggests "0";' >> /etc/apt/apt.conf.d/01norecommend && \
apt-get update && \ apt-get update && \
DEBIAN_FRONTEND=noninteractive TZ=UTC \
apt-get install -y \ apt-get install -y \
ca-certificates \ ca-certificates \
gcc \
git \ git \
python3 \ python3 \
python3-dev \
python3-venv \ python3-venv \
gcc \ tzdata \
python3-dev && \ locales && \
DEBIAN_FRONTEND=noninteractive TZ=UTC \
apt-get install -y tzdata locales && \
sed -i -e "s/# $LANG.*/$LANG UTF-8/" /etc/locale.gen && \ sed -i -e "s/# $LANG.*/$LANG UTF-8/" /etc/locale.gen && \
dpkg-reconfigure --frontend=noninteractive locales && \ dpkg-reconfigure --frontend=noninteractive locales && \
update-locale LANG=$LANG update-locale LANG=$LANG
@@ -46,6 +47,7 @@ RUN --mount=type=cache,target=/root/.cache/pip \
# Full source copy (editable install's .egg-link still points here) # Full source copy (editable install's .egg-link still points here)
COPY . /opt/chatmail/ COPY . /opt/chatmail/
# Minimal chatmail.ini
RUN printf '[params]\nmail_domain = build.local\n' > /tmp/chatmail.ini RUN printf '[params]\nmail_domain = build.local\n' > /tmp/chatmail.ini
RUN CMDEPLOY_STAGES=install \ RUN CMDEPLOY_STAGES=install \
@@ -82,7 +84,8 @@ COPY --chmod=555 ./docker/files/chatmail-init.sh /chatmail-init.sh
COPY --chmod=555 ./docker/files/entrypoint.sh /entrypoint.sh COPY --chmod=555 ./docker/files/entrypoint.sh /entrypoint.sh
HEALTHCHECK --interval=60s --timeout=10s --retries=3 \ HEALTHCHECK --interval=60s --timeout=10s --retries=3 \
CMD systemctl is-active dovecot postfix nginx unbound opendkim filtermail doveauth chatmail-metadata || exit 1 CMD systemctl is-active chatmail-metadata doveauth dovecot filtermail filtermail-incoming nginx postfix unbound || exit 1
# maybe add iroh-relay turnserver
STOPSIGNAL SIGRTMIN+3 STOPSIGNAL SIGRTMIN+3

19
docker/files/chatmail-init.sh
View File

@@ -11,19 +11,20 @@ if [ -z "$MAIL_DOMAIN" ]; then
exit 1 exit 1
fi fi
# Generate DKIM keys if not mounted
if [ ! -f /etc/dkimkeys/opendkim.private ]; then if [ ! -f /etc/dkimkeys/opendkim.private ]; then
/usr/sbin/opendkim-genkey -D /etc/dkimkeys -d "$MAIL_DOMAIN" -s opendkim /usr/sbin/opendkim-genkey -D /etc/dkimkeys -d "$MAIL_DOMAIN" -s opendkim
fi fi
# Fix ownership for bind-mounted keys (host opendkim UID may differ from container) # Fix ownership for bind-mounted keys (host opendkim UID may differ from container)
chown -R opendkim:opendkim /etc/dkimkeys chown -R opendkim:opendkim /etc/dkimkeys
# Create chatmail.ini (skips if file already exists, e.g. volume-mounted) # Create chatmail.ini, skip if mounted
mkdir -p "$(dirname "$CHATMAIL_INI")" mkdir -p "$(dirname "$CHATMAIL_INI")"
if [ ! -f "$CHATMAIL_INI" ]; then if [ ! -f "$CHATMAIL_INI" ]; then
$CMDEPLOY init --config "$CHATMAIL_INI" "$MAIL_DOMAIN" $CMDEPLOY init --config "$CHATMAIL_INI" "$MAIL_DOMAIN"
fi fi
# Inject external TLS paths from env var (unless user mounted their own ini) # Inject external TLS paths from env var unless defined in chatmail.ini
if [ -n "${TLS_EXTERNAL_CERT_AND_KEY:-}" ]; then if [ -n "${TLS_EXTERNAL_CERT_AND_KEY:-}" ]; then
if ! grep -q '^tls_external_cert_and_key' "$CHATMAIL_INI"; then if ! grep -q '^tls_external_cert_and_key' "$CHATMAIL_INI"; then
echo "tls_external_cert_and_key = $TLS_EXTERNAL_CERT_AND_KEY" >> "$CHATMAIL_INI" echo "tls_external_cert_and_key = $TLS_EXTERNAL_CERT_AND_KEY" >> "$CHATMAIL_INI"
@@ -54,23 +55,25 @@ else
systemctl stop postfix dovecot nginx opendkim unbound \ systemctl stop postfix dovecot nginx opendkim unbound \
filtermail doveauth chatmail-metadata iroh-relay mtail fcgiwrap 2>/dev/null || true filtermail doveauth chatmail-metadata iroh-relay mtail fcgiwrap 2>/dev/null || true
# Show listening ports before deploy (diagnostic for port-check failures) # # Show listening ports before deploy (diagnostic for port-check failures)
echo "[DEBUG] Listening ports before deploy:" # echo "[DEBUG] Listening ports before deploy:"
ss -lptn | while IFS= read -r line; do echo " $line"; done # ss -lptn | while IFS= read -r line; do echo " $line"; done
export CMDEPLOY_STAGES="${CMDEPLOY_STAGES:-configure,activate}" export CMDEPLOY_STAGES="${CMDEPLOY_STAGES:-configure,activate}"
# Skip DNS check when MAIL_DOMAIN is a bare IP address # Skip DNS check when MAIL_DOMAIN is a bare IP address
SKIP_DNS="" SKIP_DNS=""
if [[ "$MAIL_DOMAIN" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]] || [[ "$MAIL_DOMAIN" =~ : ]]; then if [[ "$MAIL_DOMAIN" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]] || [[ "$MAIL_DOMAIN" =~ : ]]; then
SKIP_DNS="--skip-dns-check" SKIP_DNS="--skip-dns-check"
fi fi
$CMDEPLOY run --config "$CHATMAIL_INI" --ssh-host @local $SKIP_DNS $CMDEPLOY run --config "$CHATMAIL_INI" --ssh-host @local $SKIP_DNS
# GithashDeployer overwrites /etc/chatmail-version with "unknown" because
# .git/ is excluded from the image; restore the build-time hash. # Restore the build-time hash
cp /etc/chatmail-image-version /etc/chatmail-version cp /etc/chatmail-image-version /etc/chatmail-version
echo "$current_fp" > "$FINGERPRINT_FILE" echo "$current_fp" > "$FINGERPRINT_FILE"
fi fi
# Journald: forward to console so `docker compose logs` works. # Forward journald to console so `docker compose logs` works
grep -q '^ForwardToConsole=yes' /etc/systemd/journald.conf \ grep -q '^ForwardToConsole=yes' /etc/systemd/journald.conf \
|| echo "ForwardToConsole=yes" >> /etc/systemd/journald.conf || echo "ForwardToConsole=yes" >> /etc/systemd/journald.conf
systemctl restart systemd-journald systemctl restart systemd-journald