Add Docker-based deployment: Dockerfile based on systemd image, docker-compose.yaml, build script, entrypoint, external certificate monitoring, CI workflow, and documentation. This builds on the chatmaild/cmdeploy preparation in the previous commit (j4n/docker-prep-chatmail) which added the env-var-driven feature flags (CHATMAIL_NOSYSCTL, CHATMAIL_NOPORTCHECK, CHATMAIL_NOACME) and @local deployment support needed by the container. This is commit 2 of 3 to merge squashed changes on j4n/docker and docker branches, original commits were beef0ec..606f36e Architecture overview (mostly by original author Keonik1): - Debian-systemd image wrapping the existing cmdeploy install - Host networking to not manually expose the many ports needed - Config via MAIL_DOMAIN env var or (new) mounted chatmail.ini - New: cmdeploy stages: install at build, configure+activate at startup - New: Monitoring service for external certs via systemd timer (chatmail-certmon) - New: Image version tracking for automatic upgrade detection (cm + config hash) - New: docker-compose.override.yaml pattern for user customizations - New: GitHub Actions CI for ghcr.io image builds Traefik reverse-proxy support is prepared but the specific files are excluded from this PR and will be submitted separately. 
TODO: - [ ] Pull out CHATMAIL_NOACME as PR #855 introduced a proper mechanism - [ ] Check if underlying image could be based on regular debian-slim images with a step to enable systemd, similar to https://github.com/alexdzyoba/docker-debian-systemd Files added: .dockerignore .github/workflows/docker-build.yaml docker-compose.yaml docker-compose.override.yaml.example docker/build.sh docker/chatmail_relay.dockerfile docker/files/chatmail-certmon.{service,sh,timer} docker/files/entrypoint.sh docker/files/setup_chatmail.service docker/files/setup_chatmail_docker.sh env.example doc/source/docker.rst Files modified: .gitignore doc/source/getting_started.rst doc/source/index.rst Co-authored-by: Keonik1 <keonik.dev@gmail.com> Co-authored-by: missytake <missytake@systemli.org>
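# syntax=docker/dockerfile:1
# Chatmail relay image: Debian 12 with systemd as PID 1, wrapping the existing
# cmdeploy installer. The cmdeploy "install" stage runs at build time (below);
# the "configure,activate" stages run on container start via
# setup_chatmail.service.
#
# NOTE(review): the base is tagged but not digest-pinned. For reproducible
# production builds pin it, e.g. `FROM jrei/systemd-debian:12@sha256:<digest>`.
FROM jrei/systemd-debian:12 AS base

ENV LANG=en_US.UTF-8

# Disable Recommends/Suggests globally (this also covers any apt calls cmdeploy
# makes later) and set up tzdata + the UTF-8 locale without prompting.
RUN echo 'APT::Install-Recommends "0";' > /etc/apt/apt.conf.d/01norecommend && \
    echo 'APT::Install-Suggests "0";' >> /etc/apt/apt.conf.d/01norecommend && \
    apt-get update && \
    apt-get install -y \
        ca-certificates && \
    DEBIAN_FRONTEND=noninteractive \
    TZ=UTC \
    apt-get install -y tzdata && \
    apt-get install -y locales && \
    sed -i -e "s/# $LANG.*/$LANG UTF-8/" /etc/locale.gen && \
    dpkg-reconfigure --frontend=noninteractive locales && \
    update-locale LANG=$LANG \
    && rm -rf /var/lib/apt/lists/*

# OS packages for the relay stack. gcc and python3-dev are only needed to build
# wheels for the venv below; in this single-stage image they remain at runtime.
RUN apt-get update && \
    apt-get install -y \
        acl \
        cron \
        curl \
        dnsutils \
        fcgiwrap \
        gcc \
        git \
        libnginx-mod-stream \
        nginx \
        opendkim \
        opendkim-tools \
        postfix \
        python3 \
        python3-dev \
        python3-venv \
        python3-virtualenv \
        rsync \
        unbound \
        unbound-anchor \
    && rm -rf /var/lib/apt/lists/*

# --- Build-time: install cmdeploy venv and run install stage ---
# Editable install so importlib.resources reads directly from the source tree.
# On container start only "configure,activate" stages run.
# This copies the whole build context into the image; .dockerignore decides
# what is left out (.git/ is, per the comment below) — anything local such as a
# .env file must be listed there too, or it ends up in a layer.
COPY . /opt/chatmail/
WORKDIR /opt/chatmail

# Dummy git repo init: .git/ is excluded from the build context (.dockerignore)
# but setuptools calls `git ls-files` when building the sdist.
RUN git init -q && \
    python3 -m venv /opt/cmdeploy && \
    /opt/cmdeploy/bin/pip install --no-cache-dir \
        -e chatmaild/ -e cmdeploy/

# Run the cmdeploy "install" stage against a throwaway config. The placeholder
# ini is created and removed within the same layer so it does not persist in
# an earlier layer (an `rm` in a later RUN would leave it there).
# CHATMAIL_NOSYSCTL / CHATMAIL_NOPORTCHECK presumably skip the sysctl tuning and
# listening-port check, which cannot run inside a build container.
RUN printf '[params]\nmail_domain = build.local\n' > /tmp/chatmail.ini && \
    CMDEPLOY_STAGES=install \
    CHATMAIL_INI=/tmp/chatmail.ini \
    CHATMAIL_NOSYSCTL=True \
    CHATMAIL_NOPORTCHECK=True \
    /opt/cmdeploy/bin/pyinfra @local \
        /opt/chatmail/cmdeploy/src/cmdeploy/run.py -y && \
    rm -f /tmp/chatmail.ini

RUN cp -a www/ /opt/chatmail-www/

# Record image version (used in deploy fingerprint at runtime).
# GIT_HASH is passed as a build arg (from docker-compose or CI) so that
# .git/ can be excluded from the build context via .dockerignore.
# It is declared this late on purpose: a changing ARG value invalidates every
# layer after it, and everything above is independent of the hash.
ARG GIT_HASH=unknown
RUN echo "$GIT_HASH" > /etc/chatmail-image-version && \
    echo "$GIT_HASH" > /etc/chatmail-version
# --- End build-time install ---

# Runtime configuration: chatmail.ini is expected at CHATMAIL_INI (mounted into
# the container); the symlink exposes it at the in-tree path cmdeploy uses.
# The link dangles at build time, which is intended.
ENV CHATMAIL_INI=/etc/chatmail/chatmail.ini
ENV PATH="/opt/cmdeploy/bin:${PATH}"
RUN ln -s /etc/chatmail/chatmail.ini /opt/chatmail/chatmail.ini

# Startup unit that runs the "configure,activate" stages. It is enabled by
# creating the wants/ symlink directly; mkdir -p keeps the build working on a
# base where the directory is not pre-created.
ARG SETUP_CHATMAIL_SERVICE_PATH=/lib/systemd/system/setup_chatmail.service
COPY ./docker/files/setup_chatmail.service "$SETUP_CHATMAIL_SERVICE_PATH"
RUN mkdir -p /etc/systemd/system/multi-user.target.wants && \
    ln -sf "$SETUP_CHATMAIL_SERVICE_PATH" /etc/systemd/system/multi-user.target.wants/setup_chatmail.service

# Remove default nginx site config at build time (not in entrypoint)
RUN rm -f /etc/nginx/sites-enabled/default

COPY --chmod=555 ./docker/files/setup_chatmail_docker.sh /setup_chatmail_docker.sh
COPY --chmod=555 ./docker/files/entrypoint.sh /entrypoint.sh

# Certificate monitoring as a proper systemd timer (not a background process)
COPY --chmod=555 ./docker/files/chatmail-certmon.sh /chatmail-certmon.sh
COPY ./docker/files/chatmail-certmon.service /lib/systemd/system/chatmail-certmon.service
COPY ./docker/files/chatmail-certmon.timer /lib/systemd/system/chatmail-certmon.timer
RUN mkdir -p /etc/systemd/system/timers.target.wants && \
    ln -sf /lib/systemd/system/chatmail-certmon.timer /etc/systemd/system/timers.target.wants/chatmail-certmon.timer

# Healthy only while every core unit is active; `systemctl is-active` exits
# non-zero if any listed unit is not active. With interval 60s and 3 retries the
# container is reported unhealthy if first-boot configure+activate takes longer
# than ~3 minutes — add `--start-period=<seconds>` if that happens in practice.
HEALTHCHECK --interval=60s --timeout=10s --retries=3 \
    CMD systemctl is-active dovecot postfix nginx unbound opendkim filtermail doveauth chatmail-metadata || exit 1

# systemd as PID 1 does not shut down on SIGTERM; SIGRTMIN+3 requests a clean
# halt of all units, so `docker stop` stops the services in order.
STOPSIGNAL SIGRTMIN+3

# No USER directive on purpose: systemd has to run as root to act as PID 1.
# Least privilege therefore has to come from the runtime configuration
# (capabilities, cgroup access, the host-networking choice), not from this file.
ENTRYPOINT ["/entrypoint.sh"]

CMD [ "--default-standard-output=journal+console", \
      "--default-standard-error=journal+console" ]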