-
Notifications
You must be signed in to change notification settings - Fork 0
/
mailman-stack.yml
162 lines (155 loc) · 6.1 KB
/
mailman-stack.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
version: '3.3'
networks:
default:
driver: overlay
ipam:
driver: default
config:
- subnet: 10.1.0.0/24
services:
mailman-core:
image: sphericalcowgroup/mailman-core:0.2.3
volumes:
- /srv/docker/mailman/core:/opt/mailman/
environment:
- MAILMAN_DATABASE_URL_FILE=/run/secrets/mailman_database_url
- MAILMAN_DATABASE_TYPE=postgres
- MAILMAN_DATABASE_CLASS=mailman.database.postgresql.PostgreSQLDatabase
- HYPERKITTY_API_KEY_FILE=/run/secrets/hyperkitty_api_key
- MAILMAN_REST_USER=restadmin
- MAILMAN_REST_PASSWORD_FILE=/run/secrets/mailman_rest_password
- SMTP_HOST=postfix
- SMTP_PORT=25
stop_grace_period: 30s
networks:
- default
secrets:
- hyperkitty_api_key
- mailman_database_url
- mailman_rest_password
deploy:
endpoint_mode: dnsrr
mailman-web:
image: mwatelescope/mailman-web:0.2.3-2-202209
volumes:
- /srv/docker/mailman/web:/opt/mailman-web-data
- /srv/docker/mailman/mailman-web:/opt/mailman-web
environment:
- MAILMAN_DATABASE_URL_FILE=/run/secrets/mailman_database_url
- MAILMAN_DATABASE_TYPE=postgres
- HYPERKITTY_API_KEY_FILE=/run/secrets/hyperkitty_api_key
- SERVE_FROM_DOMAIN=lists.mwatelescope.org
- MAILMAN_ADMIN_USER=mailman_admin
- MAILMAN_ADMIN_EMAIL=greg.sleap@curtin.edu.au
- MAILMAN_WEB_SECRET_KEY_FILE=/run/secrets/mailman_web_secret_key
- MAILMAN_REST_USER=restadmin
- MAILMAN_REST_PASSWORD_FILE=/run/secrets/mailman_rest_password
- SMTP_HOST=postfix
- SMTP_PORT=25
networks:
- default
secrets:
- hyperkitty_api_key
- mailman_database_url
- mailman_rest_password
- mailman_web_secret_key
deploy:
endpoint_mode: dnsrr
database:
image: postgres:9.6
volumes:
- /srv/docker/mailman/database:/var/lib/postgresql/data
environment:
- POSTGRES_DB=mailmandb
- POSTGRES_USER=mailman
- POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
networks:
- default
secrets:
- postgres_password
deploy:
endpoint_mode: dnsrr
postfix:
image: mwatelescope/mailman-postfix:4-20240223
volumes:
- /srv/docker/mailman:/opt/mailman
environment:
# reg01p, web01p, ind01p, web01d, mwa-django01p, cerberus-ilom, DFN nimbus dev, DFN AWS Dev
- POSTFIX_MYHOSTNAME=lists.mwatelescope.org
- POSTFIX_MYNETWORKS=!10.255.0.0/16 10.1.0.0/24 10.51.218.43/32 10.51.218.48/32 10.51.218.218/32 10.51.227.7/32 10.51.218.205/32 202.9.9.10/32 146.118.69.137/32 52.64.118.206/32
secrets:
- https_cert_file
- https_key_file
ports:
- target: 25
published: 25
# 'host' mode is necessary for Postfix to receive the connection IP address
# instead of the ingress network IP address. This is only a useful workaround
# when not truly leveraging the load balancing capabilities of swarm mode.
# Normally with more than a single mode swarm the upstream load balancer in
# front of the swarm would be used for the definitive access log.
# See discussion at https://github.com/moby/moby/issues/25526 .
mode: host
networks:
- default
deploy:
endpoint_mode: dnsrr
apache:
image: mwatelescope/mailman-core-apache-shib:3-202209
volumes:
- /srv/docker/mailman/web:/opt/mailman-web-data
- /srv/docker/mailman/shib/etc/shibboleth2.xml:/etc/shibboleth/shibboleth2.xml
- /srv/docker/mailman/shib/etc/attribute-map.xml:/etc/shibboleth/attribute-map.xml
- /srv/docker/mailman/shib/etc/mwa-proxy-metadata.xml:/etc/shibboleth/mwa-proxy-metadata.xml
- /srv/docker/mailman/apache/httpd.conf:/usr/local/apache2/conf/httpd.conf
environment:
- HTTPS_CERT_FILE=/run/secrets/https_cert_file
- HTTPS_KEY_FILE=/run/secrets/https_key_file
- MAILMAN_ADMIN_EMAIL=greg.sleap@curtin.edu.au
- SHIBBOLETH_SP_ENCRYPT_CERT=/run/secrets/shibboleth_sp_encrypt_cert
- SHIBBOLETH_SP_ENCRYPT_PRIVKEY=/run/secrets/shibboleth_sp_encrypt_privkey
- VIRTUAL_HOST_FQDN=lists.mwatelescope.org
secrets:
- https_cert_file
- https_key_file
- shibboleth_sp_encrypt_cert
- shibboleth_sp_encrypt_privkey
networks:
- default
ports:
- target: 443
published: 443
protocol: tcp
# 'host' mode is necessary for nginx to receive the browser IP address
# instead of the ingress network IP address. This is only a useful workaround
# when not truly leveraging the load balancing capabilities of swarm mode.
# Normally with more than a single mode swarm the upstream load balancer in
# front of the swarm would be used for the definitive access log.
# See discussion at https://github.com/moby/moby/issues/25526 .
mode: host
- target: 80
published: 80
protocol: tcp
mode: host
deploy:
replicas: 1
endpoint_mode: dnsrr
secrets:
https_cert_file:
external: true
https_key_file:
external: true
hyperkitty_api_key:
external: true
mailman_database_url:
external: true
mailman_rest_password:
external: true
mailman_web_secret_key:
external: true
postgres_password:
external: true
shibboleth_sp_encrypt_cert:
external: true
shibboleth_sp_encrypt_privkey:
external: true