Specification for smtprelay Quadlet Cookbook
You will have to develop a Quadlet cookbook for smtprelay, the mail transfer agent.
Architecture
smtprelay is a mail transfer agent, deployed as a container image.
The container image will be built from the CentOS Stream 10 image (quay.io/centos/centos:stream10).
Common requirements
- The quay.io/centos/centos:stream10 docker image MUST have its own quadlet .image file.
- Each cookbook MUST have a dedicated unique UID. The GID is 10000.
Security
Directly set the UID and GID in the quadlet file (no mapping). Use the host network, like other quadlet cookbooks. Let's Encrypt certificates will be handled by Traefik, so no need to worry about that in the smtprelay cookbook.
Installation
Create the Containerfile for smtprelay, which will install the smtprelay binary. The smtprelay binary can be obtained from the official releases on GitHub: https://github.com/decke/smtprelay.
Look at cookbooks/base/config/install-fastfetch.sh for an example of how to install a binary from a GitHub release in a Containerfile.
Configuration
A sample configuration file for smtprelay:
; Hostname for this SMTP server
hostname = localhost
; File which contains username and password used for
; authentication before they can send mail.
allowed_users = /etc/smtprelay/allowed_users.txt
; Networks that are allowed to send mails to us
; Defaults to localhost. If set to "", then any address is allowed.
;allowed_nets = 0.0.0.0/0 ::/0
allowed_nets = 0.0.0.0/0
; Enable TLS for incoming connections on port 587
listen = starttls://0.0.0.0:587
local_cert = /etc/smtprelay/tls/localhost.crt
local_key = /etc/smtprelay/tls/localhost.key
; Enforce encrypted connection on STARTTLS ports before
; accepting mails from client.
local_forcetls = true
; Relay Config (ex: Mailgun)
remotes = starttls://user:pass@smtp.mailgun.org:587
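A check for the relay-exposure settings in the sample configuration above, as an added example (not part of the original specification or of the smtprelay project). The names `parse_ini` and `audit`, the embedded sample, and the loopback default used when `allowed_nets` is absent are assumptions.

```python
import ipaddress

# Constructed sample mirroring the configuration above (not a real deployment).
SAMPLE = """\
; Hostname for this SMTP server
hostname = localhost
allowed_users = /etc/smtprelay/allowed_users.txt
allowed_nets = 0.0.0.0/0
listen = starttls://0.0.0.0:587
local_forcetls = true
remotes = starttls://user:pass@smtp.mailgun.org:587
"""

def parse_ini(text):
    """Parse the flat 'key = value' format; ';' starts a comment line."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((";", "#")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip().strip('"')
    return cfg

def audit(cfg):
    """Return findings for settings that expose the relay to unauthenticated or cleartext use."""
    findings = []
    # Assumption: a missing allowed_nets means loopback only ("Defaults to localhost").
    nets = cfg.get("allowed_nets", "127.0.0.0/8 ::1/128").split()
    # An empty value or a /0 prefix means any client address is accepted.
    open_nets = not nets or any(
        ipaddress.ip_network(n, strict=False).prefixlen == 0 for n in nets)
    has_auth = bool(cfg.get("allowed_users"))
    if open_nets and not has_auth:
        findings.append("open relay: any network allowed and no allowed_users file")
    listeners = cfg.get("listen", "").split()
    plaintext = [l for l in listeners if not l.startswith(("starttls://", "tls://"))]
    if has_auth and plaintext:
        findings.append("plaintext listener with authentication configured: " + ", ".join(plaintext))
    uses_starttls = any(l.startswith("starttls://") for l in listeners)
    if has_auth and uses_starttls and cfg.get("local_forcetls", "false").lower() != "true":
        findings.append("local_forcetls is not true: mail accepted before STARTTLS")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_ini(SAMPLE)) or ["no findings"]:
        print(finding)
```

The sample passes only because `allowed_users` and `local_forcetls = true` compensate for `allowed_nets = 0.0.0.0/0`; dropping either one produces a finding.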
Entrypoint
smtprelay --config /etc/smtprelay/smtprelay.ini -logfile=/dev/stdout
How to test
swaks --to youremail@example.com --from youremail@example.com --auth-user yourusername --auth-password yourpassword --port 587 --tls
Useful examples
You can copy the structure of the miniflux cookbook.
Look at the samba cookbook for an example of how to handle the container image building.