author | Wojtek Kosior <koszko@koszko.org> | 2023-09-01 13:57:48 +0200 |
---|---|---|
committer | Wojtek Kosior <koszko@koszko.org> | 2023-09-01 14:42:30 +0200 |
commit | 816ff7ecd4a39c9918141c9fee10932cecb52565 (patch) | |
tree | 82598a73ffa03ab0e263b15109057a6e60610fc6 /guix-container.sh | |
parent | b659857f486ac1fe696c3d57c43a002cfb05b784 (diff) | |
Add Dovecot to the container
Diffstat (limited to 'guix-container.sh')
-rwxr-xr-x | guix-container.sh | 44 |
1 files changed, 28 insertions, 16 deletions
diff --git a/guix-container.sh b/guix-container.sh index 411e4ff..2a96b71 100755 --- a/guix-container.sh +++ b/guix-container.sh @@ -81,6 +81,7 @@ done GUILE_PID= SUCCESS= QUIET_EXIT= +FORWARDED_PORTLISTS="25,12525,465,587 993" is_running() { test -e "$PIDFILE" && test -n "$(ps -o pid= --pid $(cat "$PIDFILE"))" @@ -118,16 +119,20 @@ network_setup() { for LINKNAME in $(ip route | grep default | awk '{print $5}'); do iptables -t nat -A POSTROUTING \ -s 10.207.87.1/24 -o "$LINKNAME" -j MASQUERADE - iptables -t nat -A PREROUTING \ - -i "$LINKNAME" -p tcp \ - -m multiport --dports 25,12525,465,587 \ - -j DNAT --to-destination 10.207.87.2 + for PORTLIST in $FORWARDED_PORTLISTS; do + iptables -t nat -A PREROUTING \ + -i "$LINKNAME" -p tcp \ + -m multiport --dports "$PORTLIST" \ + -j DNAT --to-destination 10.207.87.2 + done done - iptables -t nat -A OUTPUT \ - -d "$(resolve_ipv4_domain koszko.org)" -p tcp \ - -m multiport --dports 25,12525,465,587 \ - -j DNAT --to-destination 10.207.87.2 + for PORTLIST in $FORWARDED_PORTLISTS; do + iptables -t nat -A OUTPUT \ + -d "$(resolve_ipv4_domain koszko.org)" -p tcp \ + -m multiport --dports "$PORTLIST" \ + -j DNAT --to-destination 10.207.87.2 + done cat /etc/resolv.conf | nsenter --target "$SHEPHERD_PID" --all \ 
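Review bot: The new `FORWARDED_PORTLISTS` assignment packs two levels of list into one string with no comment explaining the format, and the loops depend on the unquoted `$FORWARDED_PORTLISTS` being word-split. A comment above it would prevent a later edit from quoting the expansion or putting a space after a comma, e.g. `# Space-separated groups, one DNAT rule per group; each group is a comma-separated multiport list with no spaces.` It would also help to say why 993 is its own group rather than appended to the first list, since multiport accepts up to 15 ports in one rule. That 993 is the IMAPS port for the Dovecot service this commit adds is inferred from the commit title.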
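Review bot: In the new OUTPUT loop of network_setup, `$(resolve_ipv4_domain koszko.org)` now runs once per port list, so the DNAT rules can get different or empty `-d` values if resolution changes or fails between iterations. The network_rip hunk repeats the pattern, and an answer there that differs from setup time would make `-D` miss the rule and leave a stale redirect in the nat table. Resolve once before the loop and refuse to continue on an empty result: `HOST_IPV4="$(resolve_ipv4_domain koszko.org)"`, `test -n "$HOST_IPV4" || return 1`, then `-d "$HOST_IPV4"` inside the loop. resolve_ipv4_domain is defined outside the hunk, so its failure behaviour is assumed, as is the callers' handling of a non-zero return. The body of network_setup starts and ends outside the hunk.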
@@ -154,19 +159,23 @@ network_rip() { echo 0 > /proc/sys/net/ipv4/ip_forward for LINKNAME in $(ip route | grep default | awk '{print $5}'); do - iptables_rip_rule -t nat -D PREROUTING \ - -i "$LINKNAME" -p tcp \ - -m multiport --dports 25,12525,465,587 \ - -j DNAT --to-destination 10.207.87.2 + for PORTLIST in $FORWARDED_PORTLISTS; do + iptables_rip_rule -t nat -D PREROUTING \ + -i "$LINKNAME" -p tcp \ + -m multiport --dports "$PORTLIST" \ + -j DNAT --to-destination 10.207.87.2 + done iptables_rip_rule -t nat -D POSTROUTING \ -s 10.207.87.1/24 -o "$LINKNAME" \ -j MASQUERADE done - iptables_rip_rule -t nat -D OUTPUT \ - -d "$(resolve_ipv4_domain koszko.org)" -p tcp \ - -m multiport --dports 25,12525,465,587 \ - -j DNAT --to-destination 10.207.87.2 + for PORTLIST in $FORWARDED_PORTLISTS; do + iptables_rip_rule -t nat -D OUTPUT \ + -d "$(resolve_ipv4_domain koszko.org)" -p tcp \ + -m multiport --dports "$PORTLIST" \ + -j DNAT --to-destination 10.207.87.2 + done } stop() { @@ -222,6 +231,7 @@ start() { LOG_REAL="$LOG_DIR"/container ETC_LETSENCRYPT_REAL="$HOST_SYSTEM_ROOT"/etc/letsencrypt ETC_EXIM_REAL="$HOST_SYSTEM_ROOT"/etc/exim + ETC_DOVECOT_REAL="$HOST_SYSTEM_ROOT"/etc/dovecot ETC_REAL="$HOST_SYSTEM_ROOT"/etc/guix-container VAR_SPOOL_EXIM_REAL="$HOST_SYSTEM_ROOT"/var/spool/exim VAR_HYDRILLA_REAL="$HOST_SYSTEM_ROOT"/var/lib/hydrilla @@ -234,6 +244,7 @@ start() { LOG_DIR_SHARE_OPT=--share="$LOG_REAL"=/var/log ETC_LETSENCRYPT_DIR_SHARE_OPT=--share="$ETC_LETSENCRYPT_REAL"=/etc/letsencrypt ETC_EXIM_DIR_SHARE_OPT=--share="$ETC_EXIM_REAL"=/etc/exim + ETC_DOVECOT_DIR_SHARE_OPT=--share="$ETC_DOVECOT_REAL"=/etc/dovecot ETC_DIR_SHARE_OPT=--share="$ETC_REAL"=/etc VAR_SPOOL_EXIM_DIR_SHARE_OPT=--share="$VAR_SPOOL_EXIM_REAL"=/var/spool/exim VAR_HYDRILLA_DIR_SHARE_OPT=--share="$VAR_HYDRILLA_REAL"=/var/lib/hydrilla 
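Review bot: The new loops in network_rip rebuild each rule spec from the current value of `FORWARDED_PORTLISTS`, so rules installed under a different value are never matched by `-D` and remain in the nat table after the container stops. That happens if the script is edited or upgraded while a container is running, and it leaves host ports forwarded to 10.207.87.2 with nothing meant to be listening there. At minimum, document the coupling above the loop: `# Specs must mirror network_setup exactly; changing FORWARDED_PORTLISTS while a container is up leaves the old DNAT rules behind.` A sturdier design would put the forwards in a dedicated nat chain that network_rip flushes and deletes. iptables_rip_rule is defined outside the hunk, so how it treats a missing rule is not visible.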
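Review bot: `ETC_DOVECOT_DIR_SHARE_OPT` maps the host's /etc/dovecot into the container with `--share`, which is a read-write mapping in Guix containers. A compromised service inside the container could therefore rewrite Dovecot's configuration, and any credential files kept beside it, on the host. If the daemon only reads that directory, the read-only form `--expose="$ETC_DOVECOT_REAL"=/etc/dovecot` is the least-privilege choice; this assumes the launcher called in start() accepts `--expose`, which these hunks do not show. The same applies to the argument added to the launch command in the last hunk, and the variable name would need adjusting there. start() begins and ends outside these hunks.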
@@ -249,6 +260,7 @@ start() { "$LOG_DIR_SHARE_OPT" \ "$ETC_LETSENCRYPT_DIR_SHARE_OPT" \ "$ETC_EXIM_DIR_SHARE_OPT" \ + "$ETC_DOVECOT_DIR_SHARE_OPT" \ "$ETC_DIR_SHARE_OPT" \ "$VAR_SPOOL_EXIM_DIR_SHARE_OPT" \ "$VAR_HYDRILLA_DIR_SHARE_OPT" \ |