mirror of
https://github.com/chatmail/relay.git
synced 2026-05-11 08:24:37 +00:00
Add Docker-based deployment: Dockerfile based on systemd image, docker-compose.yaml, build script, entrypoint, external certificate monitoring, CI workflow, and documentation. This builds on the chatmaild/cmdeploy preparation in the previous commit (j4n/docker-prep-chatmail) which added the env-var-driven feature flags (CHATMAIL_NOSYSCTL, CHATMAIL_NOPORTCHECK, CHATMAIL_NOACME) and @local deployment support needed by the container. This is commit 2 of 3 to merge squashed changes on j4n/docker and docker branches, original commits were beef0ec..606f36e Architecture overview (mostly by original author Keonik1): - Debian-systemd image wrapping the existing cmdeploy install - Host networking to not manually expose the many ports needed - Config via MAIL_DOMAIN env var or (new) mounted chatmail.ini - New: cmdeploy stages: install at build, configure+activate at startup - New: Monitoring service for external certs via systemd timer (chatmail-certmon) - New: Image version tracking for automatic upgrade detection (cm + config hash) - New: docker-compose.override.yaml pattern for user customizations - New: GitHub Actions CI for ghcr.io image builds Traefik reverse-proxy support is prepared but the specific files are excluded from this PR and will be submitted separately. 
TODO: - [ ] Pull out CHATMAIL_NOACME as PR #855 introduced a proper mechanism - [ ] Check if underlying image could be based on regular debian-slim images with a step to enable systemd, similar to https://github.com/alexdzyoba/docker-debian-systemd Files added: .dockerignore .github/workflows/docker-build.yaml docker-compose.yaml docker-compose.override.yaml.example docker/build.sh docker/chatmail_relay.dockerfile docker/files/chatmail-certmon.{service,sh,timer} docker/files/entrypoint.sh docker/files/setup_chatmail.service docker/files/setup_chatmail_docker.sh env.example doc/source/docker.rst Files modified: .gitignore doc/source/getting_started.rst doc/source/index.rst Co-authored-by: Keonik1 <keonik.dev@gmail.com> Co-authored-by: missytake <missytake@systemli.org>
---
# Base compose file. Do not edit it: keep local changes (data paths, extra
# volumes, environment overrides) in docker-compose.override.yaml.
# A starting point is docker/docker-compose.override.yaml.example.
# NOTE(review): the commit message lists the example file at the repository
# root rather than under docker/ — confirm the path.
#
# Security note
# -------------
# network_mode: host is used because chatmail needs many ports (25, 53, 80,
# 143, 443, 465, 587, 993, 3340, 8443); cgroup: host is required for systemd.
# Combined, they give the container near-host-level access: it can bind any
# port and see all host network traffic. That is acceptable on a dedicated
# mail server, not on a host shared with unrelated workloads.
# With host networking no ports are published by Docker, so exposure is
# limited only by the host firewall; restrict inbound traffic there to the
# ports listed above.
services:
  chatmail:
    build:
      context: ./
      dockerfile: docker/chatmail_relay.dockerfile
      args:
        GIT_HASH: '${GIT_HASH:-unknown}'
    image: chatmail-relay:latest
    restart: unless-stopped
    container_name: chatmail

    # systemd requirement — enable exactly one of the two options below.
    # Compose v2 only:
    cgroup: host
    # Compose v1 alternative (not tested). It is much broader than
    # cgroup: host: privileged mode grants every capability and access to
    # host devices.
    # privileged: true

    # Required for logs.
    tty: true

    # Required for systemd.
    tmpfs:
      - /tmp
      - /run
      - /run/lock

    # Bounded json-file logs: three files of 10m each.
    logging:
      driver: json-file
      options:
        max-size: '10m'
        max-file: '3'

    environment:
      # No default: when MAIL_DOMAIN is unset Compose substitutes an empty
      # string (the commit message names a mounted chatmail.ini as the
      # alternative way to configure the relay).
      MAIL_DOMAIN: '$MAIL_DOMAIN'
      CMDEPLOY_STAGES: '${CMDEPLOY_STAGES:-}'
      # Both flags below default to True in the container; presumably they
      # skip cmdeploy's sysctl changes and port check — confirm in cmdeploy.
      CHATMAIL_NOSYSCTL: '${CHATMAIL_NOSYSCTL:-True}'
      CHATMAIL_NOPORTCHECK: '${CHATMAIL_NOPORTCHECK:-True}'
      CHATMAIL_NOACME: '${CHATMAIL_NOACME:-}'

    network_mode: 'host'

    volumes:
      # System mount (required). The host cgroup filesystem is mounted
      # read-write, so root in the container can modify the host cgroup tree.
      - /sys/fs/cgroup:/sys/fs/cgroup:rw
      # Data volumes (defaults — override in docker-compose.override.yaml).
      - chatmail-data:/home/vmail
      # Presumably holds the DKIM signing keys; treat this volume and any
      # backup of it as secret material.
      - chatmail-dkimkeys:/etc/dkimkeys
      - chatmail-acme:/var/lib/acme

# Named volumes with default driver settings.
volumes:
  chatmail-data: {}
  chatmail-dkimkeys: {}
  chatmail-acme: {}