mirror of
https://github.com/chatmail/relay.git
synced 2026-05-10 16:04:37 +00:00
40051f7ac3
Add container-based deployment as an alternative to bare-metal pyinfra. - systemd inside container reusing the existing deployer infrastructure - chatmail-init.sh runs `cmdeploy run --ssh-host @local` on first boot, so the container self-deploys using the same code path as bare-metal - Config via MAIL_DOMAIN env var (simple) or mounted chatmail.ini (advanced) - External TLS support via TLS_EXTERNAL_CERT_AND_KEY for reverse proxy setups - Image version tracking in /etc/chatmail-image-version for upgrade detection - .git/ excluded, but version file mocked so git revparse still works - Health check verifies postfix, dovecot, and nginx are listening Files added: - docker/chatmail_relay.dockerfile: multi-stage build (build + runtime) - docker/chatmail-init.sh: first-boot deployment script - docker/chatmail-init.service: systemd unit for init script - docker/entrypoint.sh: container entrypoint (starts systemd) - docker/healthcheck.sh: container health check - docker/docker-compose.yaml: main compose config - docker/docker-compose.ci.yaml: CI override (uses GHCR image) - docker/docker-compose.override.yaml.example: customization template - docker/build.sh: helper script - doc/source/docker.rst: documentation - .dockerignore: build context filter
49 lines
1.5 KiB
YAML
49 lines
1.5 KiB
YAML
# Base compose file — do not edit. Put customizations (data paths, extra
|
|
# volumes, env overrides) in docker-compose.override.yaml instead.
|
|
# See docker-compose.override.yaml.example in this directory for a starting point.
|
|
#
|
|
# Security notes: this container uses
|
|
# - network_mode:host chatmail needs many ports (25, 53, 80, 143, 443, 465,
|
|
# 587, 993, 3340, 8443) and needs to operate from the real IP, which bridging
|
|
# would make tricky
|
|
# - cgroup:host (required for systemd).
|
|
# Together these give the container near-host-level access. This is acceptable
|
|
# for a dedicated mail server, but be aware that the container can bind any
|
|
# port and see all host network traffic.
|
|
|
|
services:
|
|
chatmail:
|
|
build:
|
|
context: ../
|
|
dockerfile: docker/chatmail_relay.dockerfile
|
|
args:
|
|
GIT_HASH: ${GIT_HASH:-unknown}
|
|
image: chatmail-relay:latest
|
|
restart: unless-stopped
|
|
container_name: chatmail
|
|
# Required for systemd — use only one of the following:
|
|
cgroup: host # compose v2
|
|
# privileged: true # compose v1 (less restricted)
|
|
tty: true # required for logs
|
|
tmpfs: # required for systemd
|
|
- /tmp
|
|
- /run
|
|
- /run/lock
|
|
logging:
|
|
driver: none
|
|
environment:
|
|
MAIL_DOMAIN: $MAIL_DOMAIN
|
|
network_mode: "host"
|
|
volumes:
|
|
## system (required)
|
|
- /sys/fs/cgroup:/sys/fs/cgroup:rw
|
|
## data (defaults — override in docker-compose.override.yaml)
|
|
- mail:/home/vmail
|
|
- dkim:/etc/dkimkeys
|
|
- certs:/var/lib/acme
|
|
|
|
volumes:
|
|
mail:
|
|
dkim:
|
|
certs:
|