diff --git a/.env.dist b/.env.dist
index 265edb5..61d9535 100644
--- a/.env.dist
+++ b/.env.dist
@@ -17,6 +17,4 @@ ADMIN_MAIL=your@mail.address # Change me!
 SMTP_RELAY_DOMAINS=domain.tld
 SMTP_HOSTNAME=mail.domain.tld
 SMTP_PORT=465
-SMTP_USERNAME=user@domain.tld
-SMTP_PASSWORD=ChangeMe!
 SMTP_ALIASES=mail.domain.tld
diff --git a/.gitignore b/.gitignore
index b8865ed..92635f8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 .env
+.secrets
 docker-compose.override.yml
diff --git a/.secrets.dist/smtpd_password.secret b/.secrets.dist/smtpd_password.secret
new file mode 100644
index 0000000..5c734b1
--- /dev/null
+++ b/.secrets.dist/smtpd_password.secret
@@ -0,0 +1 @@
+ChangeMe!
diff --git a/.secrets.dist/smtpd_user.secret b/.secrets.dist/smtpd_user.secret
new file mode 100644
index 0000000..ee42d43
--- /dev/null
+++ b/.secrets.dist/smtpd_user.secret
@@ -0,0 +1 @@
+user@domain.tld
diff --git a/README.md b/README.md
index 7cca78f..114749f 100644
--- a/README.md
+++ b/README.md
@@ -23,10 +23,13 @@ great [Docker images of Baroes](https://github.com/barcus/bareos).
 cd /opt
 git clone https://github.com/solution-libre/docker-bareos.git bareos
 cd bareos
+cp -r .secrets.dist .secrets
 ```
 Declare environment variables or copy the `.env.dist` to `.env` and adjust its values.
+Change the value of the secrets in the `.secrets` folder.
+
 Register a domain like 'bareos.domain.tld'.
 ## Usage
diff --git a/docker-compose-barcus.override.yml b/docker-compose-barcus.override.yml
index 877e1d6..c191bd4 100644
--- a/docker-compose-barcus.override.yml
+++ b/docker-compose-barcus.override.yml
@@ -90,16 +90,22 @@ services:
 smtpd:
 restart: unless-stopped
+ command: ["exim", "-bd", "-q15m", "-v"]
+ entrypoint: /usr/local/bin/docker-entrypoint.sh
 hostname: "smtpd.${HOSTNAME}"
 volumes:
 - ../docker-volumes/smtpd/_docker_additional_macros:/etc/exim4/_docker_additional_macros
 - ../docker-volumes/smtpd/exim4.conf.template:/etc/exim4/exim4.conf.template
+ - ../docker-volumes/smtpd/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh
+ secrets:
+ - smtpd-user
+ - smtpd-password
 environment:
 RELAY_DOMAINS: ${SMTP_RELAY_DOMAINS}
 SMARTHOST_ADDRESS: ${SMTP_HOSTNAME}
 SMARTHOST_PORT: ${SMTP_PORT}
- SMARTHOST_USER: ${SMTP_USERNAME}
- SMARTHOST_PASSWORD: ${SMTP_PASSWORD}
+ SMARTHOST_USER_FILE: '/run/secrets/smtpd-user'
+ SMARTHOST_PASSWORD_FILE: '/run/secrets/smtpd-password'
 SMARTHOST_ALIASES: ${SMTP_ALIASES}
 networks:
 default:
@@ -116,6 +122,12 @@ networks:
 - subnet: "${NETWORK_PREFIX}.0/20"
 gateway: "${NETWORK_PREFIX}.1"
+secrets:
+ smtpd-user:
+ file: ../.secrets/smtpd_user.secret
+ smtpd-password:
+ file: ../.secrets/smtpd_password.secret
+
 volumes:
 director_config:
 director_data:
diff --git a/docker-volumes/smtpd/docker-entrypoint.sh b/docker-volumes/smtpd/docker-entrypoint.sh
new file mode 100755
index 0000000..a5b0c76
--- /dev/null
+++ b/docker-volumes/smtpd/docker-entrypoint.sh
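Review bot: The new bind mount `- ../docker-volumes/smtpd/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh` in the `smtpd` service is writable from inside the container, and that script is what reads the SMTP credentials at start-up. Nothing in this hunk needs write access to it, so mounting it read-only (`- ../docker-volumes/smtpd/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh:ro`) keeps a process in the smtpd container from altering the host copy that runs on the next restart. A comment above `command:` would also help the next maintainer, e.g. `# restated because overriding entrypoint discards the image's default command`, assuming that is why the line was added.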
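Review bot: The `file:` entries under the new top-level `secrets:` block point at `../.secrets/`, and outside Swarm mode Compose bind-mounts such files into `/run/secrets/` with the host file's owner and mode unchanged. The README step `cp -r .secrets.dist .secrets` leaves them at the umask default, which is typically world-readable on the host, so the setup should tighten them, for example `chmod 700 .secrets && chmod 600 .secrets/*.secret`, while checking they stay readable by the user the smtpd entrypoint runs as. A comment above the block such as `# host files under .secrets/ (git-ignored); keep them mode 600` would record the expectation.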
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+set -eo pipefail
+shopt -s nullglob
+
+# usage: file_env VAR [DEFAULT]
+# ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+ local var="$1"
+ local fileVar="${var}_FILE"
+ local def="${2:-}"
+ if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+ echo >&2 "error: both ${varName} and ${fileVarName} are set (but are exclusive)"
+ exit 1
+ fi
+ local val="$def"
+ if [ "${!var:-}" ]; then
+ val="${!var}"
+ elif [ "${!fileVar:-}" ]; then
+ val="$(< "${!fileVar}")"
+ fi
+ export "$var"="$val"
+ unset "$fileVar"
+}
+
+file_env SMARTHOST_USER
+file_env SMARTHOST_PASSWORD
+
+exec /bin/entrypoint.sh "$@"
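Review bot: The error branch of `file_env` prints `${varName}` and `${fileVarName}`, but the locals are named `var` and `fileVar`, so the message comes out as "error: both  and  are set" and does not say which setting conflicts. It should read `echo >&2 "error: both ${var} and ${fileVar} are set (but are exclusive)"`, and changing the header to `set -euo pipefail` would turn this kind of unset-variable slip into a hard failure; the other expansions in the script already use `:-` defaults. Note also that `export "$var"="$val"` puts the password into the environment of everything started by `exec /bin/entrypoint.sh`, so the secret file keeps the value out of `.env` and the compose configuration but not out of the process environment inside the container. A comment on the export line should state that limit.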