Age | Commit message | Author | Files | Lines |
|
Add this subdomain as a hint to the user, to distinguish the specific
server hostname from the virtual domain list, which should usually only
contain second-level domain names.
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
We use a hard-coded key selector of "default" and store keyfiles in the
dkim volume. `Domain` indicates the mail sources for which mail should
be signed rather than verified.
Because we are using ENV_VIRTUAL_DOMAINS in this context, we now require
the variable to be comma separated (no whitespace), as that is what this
file requires. All previous usages of ENV_VIRTUAL_DOMAINS are
compatible with comma separation.
Signed-off-by: Malfurious <m@lfurio.us>
|
|
The postfix user is added to the opendkim group so that the MTA can
eventually interact with the filter over its socket file.
Signed-off-by: Malfurious <m@lfurio.us>
|
|
We don't need to modify any files within this volume, so mark it as read
only, especially since the volume belongs to nginx-proxy.
We require write access to the other volumes.
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Define a container to run mlmmj-maintd service. It runs daemonized so
it will schedule its own tasks (its foreground mode is one-shot
execution).
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
As hinted by the previous commit, the mailnode system is built in a
single docker image for simplicity. Defining multiple Dockerfiles would
lead to many redundant tasks and be harder to maintain. So a common
image for all services is built.
However, the compose file spawns a unique container for each service,
and communication occurs via the filesystem, through volumes. Note also
that some fields in docker-compose.yml are required to be set by the
end-user.
The mail system is oriented around virtual users, so that nobody needs
their own unix system account. However, best security practice is to
create a dedicated user to own the mails - this user shouldn't be used
for any other purpose. For this, the Dockerfile creates the user
"vmailbox".
The reason for declaring port exposure for TCP/80 is to enable automated
TLS encryption with nginx-proxy-acme. This port is not actually opened
by the compose file.
Signed-off-by: Malfurious <m@lfurio.us>
|