# Entry point: a function of the target system. The value it returns is the
# result of the `img` call at the bottom of this file.
{ system ? builtins.currentSystem }:
let
  # <nixpkgs> is looked up through NIX_PATH, so the package set (and every
  # binary baked into the image) follows whatever channel the builder has.
  # NOTE(review): pin nixpkgs to a fixed revision and hash if the image
  # contents need to be reproducible and auditable.
  pkgs = import <nixpkgs> {
    inherit system;
    overlays = [
      # Build Docker against iptables-legacy instead of the default iptables.
      # NOTE(review): presumably the nested daemon's firewall rules must use
      # the legacy backend here; confirm.
      (final: prev: {
        docker = prev.docker.override {
          iptables = final.iptables-legacy;
        };
      })
    ];
  };

in
let
  # img: map one image spec to the three dockerTools build variants, exposed
  # as the attributes `streamed`, `layered` and `image`.
  img = spec:
    let
      tools = pkgs.dockerTools;
    in
    {
      streamed = tools.streamLayeredImage spec;
      layered = tools.buildLayeredImage spec;
      image = tools.buildImage spec;
    };

in
let
# dockerComposeOverrideYaml: a store directory holding the
# docker-compose.override.yml that init layers on top of
# /mailcow-dockerized/docker-compose.yml.
#
# What the override changes:
#   * mysql-mailcow becomes a socat relay: it listens on the UNIX socket
#     /var/run/mysqld/mysqld.sock and forwards each connection over TCP to
#     mysql.system.svc.cluster.local.:3306.
#   * netfilter-mailcow and watchdog-mailcow are built from the local
#     Dockerfiles.
#   * every named volume is a bind mount onto a fixed path under /vol or /run.
#
# NOTE(review): the relay socket is created with mode=0777, so any process
# that can reach the mysql-socket volume can open a database connection;
# authentication then rests entirely on the MySQL credentials. Confirm that
# only the intended containers mount this volume.
# NOTE(review): TCP-CONNECT is a plain TCP hop; socat adds no encryption
# between the relay and the database service. Confirm the network path is
# trusted or protected by other means.
# NOTE(review): alpine/socat:1.0.3 is referenced by tag only. Pinning the
# image by digest would keep a re-pushed tag from changing what runs here.
dockerComposeOverrideYaml =
  pkgs.writeTextDir "docker-compose.override.yml" ''
    version: '2.1'

    services:
      mysql-mailcow:
        image: alpine/socat:1.0.3
        command:
          - UNIX-LISTEN:/var/run/mysqld/mysqld.sock,reuseaddr,fork,unlink-early,mode=0777
          - TCP-CONNECT:mysql.system.svc.cluster.local.:3306
        volumes:
          - mysql-socket-vol-1:/var/run/mysqld/:Z
        restart: always

      netfilter-mailcow:
        build: ./data/Dockerfiles/netfilter

      watchdog-mailcow:
        build: ./data/Dockerfiles/watchdog

    volumes:
      vmail-vol-1: {driver: local, driver_opts: {o: bind, type: none, device: "/vol/vmail"}}
      vmail-index-vol-1: {driver: local, driver_opts: {o: bind, type: none, device: "/vol/vmail-index"}}
      mysql-vol-1: {driver: local, driver_opts: {o: bind, type: none, device: "/run/mysql"}}
      mysql-socket-vol-1: {driver: local, driver_opts: {o: bind, type: none, device: "/run/mysql-socket"}}
      redis-vol-1: {driver: local, driver_opts: {o: bind, type: none, device: "/vol/redis-data"}}
      rspamd-vol-1: {driver: local, driver_opts: {o: bind, type: none, device: "/vol/rspamd-data"}}
      solr-vol-1: {driver: local, driver_opts: {o: bind, type: none, device: "/vol/solr-data"}}
      postfix-vol-1: {driver: local, driver_opts: {o: bind, type: none, device: "/vol/postfix-data"}}
      crypt-vol-1: {driver: local, driver_opts: {o: bind, type: none, device: "/vol/crypt-data"}}
      sogo-web-vol-1: {driver: local, driver_opts: {o: bind, type: none, device: "/vol/sogo-web"}}
      sogo-userdata-backup-vol-1: {driver: local, driver_opts: {o: bind, type: none, device: "/vol/sogo-userdata-backup"}}
  '';
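# init: the image entrypoint. It prepares a loop-mounted ext4 image as
# Docker's data root, starts a nested dockerd, clears leftovers from the
# previous run, builds the locally-built services and finally execs
# docker-compose in the foreground.
#
# NOTE(review): the loop mount and the nested dockerd presumably require the
# container to run with elevated privileges; confirm, and treat everything
# scheduled next to it accordingly.
init =
  pkgs.writeShellScriptBin "init" ''
    set -xeuo pipefail

    # First start: create a sparse 30 GiB backing file and format it.
    if ! [ -e /vol/docker-data/docker.ext4 ]; then
      ${pkgs.busybox}/bin/dd if=/dev/zero of=/vol/docker-data/docker.ext4 bs=1G count=0 seek=30
      ${pkgs.e2fsprogs}/bin/mkfs.ext4 /vol/docker-data/docker.ext4
    fi

    # e2fsck's exit status is a bit mask: 1 and 2 mean errors were found and
    # repaired, 4 and above mean uncorrected errors or an operational failure.
    # Under "set -e" a successful repair would otherwise abort the entrypoint,
    # so only the unrecoverable range is treated as fatal.
    fsck_status=0
    ${pkgs.e2fsprogs}/bin/e2fsck -y /vol/docker-data/docker.ext4 || fsck_status=$?
    if [ "$fsck_status" -ge 4 ]; then
      exit "$fsck_status"
    fi

    ${pkgs.busybox}/bin/mkdir -p /var/lib/docker
    ${pkgs.busybox}/bin/mount -o loop,rw /vol/docker-data/docker.ext4 /var/lib/docker

    ${pkgs.docker}/bin/dockerd --storage-driver=overlay2 &

    # Wait until the daemon answers on its API instead of sleeping a fixed
    # 10 seconds: a slow start no longer races the commands below, and a
    # daemon that never comes up is reported explicitly.
    dockerd_ready=0
    for attempt in $(${pkgs.busybox}/bin/seq 1 60); do
      if ${pkgs.docker}/bin/docker info >/dev/null 2>&1; then
        dockerd_ready=1
        break
      fi
      sleep 1
    done
    if [ "$dockerd_ready" -ne 1 ]; then
      echo "dockerd did not become ready" >&2
      exit 1
    fi

    # Best-effort cleanup of whatever the previous run left behind; failures
    # (for example "no containers to kill") are deliberately ignored.
    ${pkgs.docker}/bin/docker kill $(${pkgs.docker}/bin/docker ps -a -q) || :
    ${pkgs.docker}/bin/docker system prune --volumes --force || :

    ${pkgs.docker-compose}/bin/docker-compose -f /mailcow-dockerized/docker-compose.yml -f ${dockerComposeOverrideYaml}/docker-compose.override.yml build

    # /run/mysql and /run/mysql-socket back the bind-mounted volumes declared
    # in the compose override.
    ${pkgs.busybox}/bin/mkdir -p /tmp /run/{mysql,mysql-socket}
    ${pkgs.busybox}/bin/chmod u+w /mailcow-dockerized/data/web/templates/cache
    exec ${pkgs.docker-compose}/bin/docker-compose --env-file /mailcow-dockerized/mailcow.conf -f /mailcow-dockerized/docker-compose.yml -f ${dockerComposeOverrideYaml}/docker-compose.override.yml up --remove-orphans
  '';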
# Local source tree; the image spec's extraCommands step copies its contents
# into the image root.
src = ./src;
# extraDeps: packages placed in the image for Docker itself and for
# update.sh.
extraDeps = [
  # for Docker
  pkgs.cacert

  # for update.sh
  pkgs.bash
  pkgs.coreutils
  pkgs.curl
  pkgs.docker
  pkgs.docker-compose
  pkgs.findutils
  pkgs.gawk
  pkgs.gitMinimal
];
# maintenanceDeps: interactive troubleshooting tools added to the image.
# NOTE(review): strace and a full busybox widen the tool set available to
# anyone who gets a shell inside the container; confirm they are wanted in
# the production image rather than in a separate debug variant.
maintenanceDeps = [
  pkgs.bash
  pkgs.busybox
  pkgs.coreutils
  pkgs.findutils
  pkgs.pxattr
  pkgs.strace
];
in
# Final value of the file: the image spec handed to `img`, which yields the
# streamed, layered and plain build variants of the same image.
img {
  name = "docker.benkard.de/mulk/mailcow";
  #tag = "latest";
  maxLayers = 125;
  contents = extraDeps ++ maintenanceDeps;

  # Creates the /vol mount points inside the image and copies the source
  # tree into the image root.
  extraCommands =
    ''
      #!${pkgs.runtimeShell}

      install -dm755 vol/{crypt-data,postfix-data,redis-data,rspamd-data,sogo-web,sogo-userdata-backup,solr-data,vmail,vmail-index,web-data}

      cp -a ${src}/* .
    '';

  config = {
    Entrypoint = [ "${init}/bin/init" ];
    Cmd = [ ];
    # NOTE(review): the OCI image config key for the working directory is
    # "WorkingDir"; confirm that "Workdir" has the intended effect.
    Workdir = "/mailcow-dockerized";
    # Each listed path is declared as a volume with an empty option set.
    # These paths hold configuration, TLS material and mail data, so the
    # storage mounted there deserves the same protection as the mail itself.
    Volumes = pkgs.lib.genAttrs [
      "/mailcow-dockerized/data/conf"
      "/mailcow-dockerized/data/assets/ssl"
      "/vol/crypt-data"
      "/vol/docker-data"
      "/vol/postfix-data"
      "/vol/redis-data"
      "/vol/rspamd-data"
      "/vol/sogo-web"
      "/vol/sogo-userdata-backup"
      "/vol/solr-data"
      "/vol/vmail"
      "/vol/vmail-index"
      "/vol/web-data"
    ] (_: { });
  };
}