Hack in command-line specification of domain, cert and key
This commit is contained in:
2
.gitignore
vendored
2
.gitignore
vendored
@@ -1,2 +1,4 @@
|
||||
/crockery
|
||||
/crockery.db
|
||||
/cert
|
||||
/key
|
||||
|
||||
12
README.md
12
README.md
@@ -72,6 +72,18 @@ Probably other stuff. Email is big, and just keeps getting bigger.
|
||||
|
||||
## How
|
||||
|
||||
### Building a binary
|
||||
|
||||
```
|
||||
$ go build ur.gs/crockery/cmd/crockery
|
||||
$ sudo setcap 'cap_net_bind_service=+ep' ./crockery
|
||||
```
|
||||
|
||||
The second step allows crockery to bind to the various low-numbered ports it
|
||||
needs (25, 587, 149, 993) **without** running as root. Don't bother with it if
|
||||
you're going to be running crockery as root, e.g., as a container or a single-
|
||||
purpose system.
|
||||
|
||||
### Initialize a new database
|
||||
|
||||
```
|
||||
|
||||
@@ -2,6 +2,8 @@ package main
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"flag"
|
||||
"log"
|
||||
"os"
|
||||
"os/signal"
|
||||
@@ -10,7 +12,19 @@ import (
|
||||
"ur.gs/crockery/internal/store"
|
||||
)
|
||||
|
||||
var (
|
||||
domain = flag.String("domain", "", "Domain to serve email for")
|
||||
certFile = flag.String("cert", "", "Path to a PEM-encoded certificate bundle for TLS support")
|
||||
keyFile = flag.String("key", "", "Path to a PEM-encoded key for TLS support")
|
||||
)
|
||||
|
||||
func main() {
|
||||
flag.Parse()
|
||||
|
||||
if *domain == "" {
|
||||
log.Fatal("A domain must be specified on the command line (for now!)")
|
||||
}
|
||||
|
||||
ctx, cancel := context.WithCancel(context.Background())
|
||||
|
||||
datastore, err := store.New(ctx, "crockery.db")
|
||||
@@ -18,6 +32,25 @@ func main() {
|
||||
log.Fatal("Couldn't open crockery.db:", err)
|
||||
}
|
||||
|
||||
// FIXME: This will eventually come from the datastore itself, via `crockery init`
|
||||
datastore.SetDomain(*domain)
|
||||
log.Printf("Running as %s", datastore.Domain())
|
||||
|
||||
// FIXME: This will eventually come from the datastore itself, via ACME
|
||||
if *certFile != "" || *keyFile != "" {
|
||||
cert, err := tls.LoadX509KeyPair(*certFile, *keyFile)
|
||||
if err != nil {
|
||||
log.Fatalf("Couldn't setup TLS: %v", err)
|
||||
}
|
||||
|
||||
if cert.PrivateKey == nil {
|
||||
log.Fatal("No private key for TLS certificate")
|
||||
}
|
||||
|
||||
datastore.SetTLS(cert)
|
||||
log.Print("Successfully loaded TLS certificate and key")
|
||||
}
|
||||
|
||||
srv, err := services.New(ctx, datastore)
|
||||
if err != nil {
|
||||
log.Fatal("Couldn't start services:", err)
|
||||
|
||||
@@ -19,11 +19,13 @@ type Server interface {
|
||||
|
||||
func NewServer(cancel context.CancelFunc, datastore store.Interface, starttls bool) Server {
|
||||
out := &concrete{
|
||||
cancel: cancel,
|
||||
store: datastore,
|
||||
cancel: cancel,
|
||||
store: datastore,
|
||||
starttls: starttls,
|
||||
}
|
||||
|
||||
out.server = imapserver.New(out)
|
||||
out.server.TLSConfig = out.store.TLSConfig()
|
||||
|
||||
if starttls {
|
||||
out.server.Addr = ":143"
|
||||
@@ -35,13 +37,22 @@ func NewServer(cancel context.CancelFunc, datastore store.Interface, starttls bo
|
||||
}
|
||||
|
||||
type concrete struct {
|
||||
cancel context.CancelFunc
|
||||
store store.Interface
|
||||
server *imapserver.Server
|
||||
cancel context.CancelFunc
|
||||
store store.Interface
|
||||
server *imapserver.Server
|
||||
starttls bool
|
||||
}
|
||||
|
||||
func (c *concrete) Run() {
|
||||
if err := c.server.ListenAndServe(); err != nil {
|
||||
var err error
|
||||
|
||||
if c.starttls {
|
||||
err = c.server.ListenAndServe()
|
||||
} else {
|
||||
err = c.server.ListenAndServeTLS()
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
log.Printf("Error serving IMAP %s: %v", c.server.Addr, err)
|
||||
} else {
|
||||
log.Printf("Stopped listening on IMAP %s", c.server.Addr)
|
||||
@@ -56,7 +67,7 @@ func (c *concrete) Login(string, string) (imapbackend.User, error) {
|
||||
}
|
||||
|
||||
func (c *concrete) Close() error {
|
||||
c.cancel() // FIXME: this doesn't touch the server
|
||||
c.cancel() // FIXME: this doesn't touch the server
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -24,6 +24,7 @@ func NewServer(cancel context.CancelFunc, datastore store.Interface, submission
|
||||
|
||||
out.server = smtp.NewServer(out)
|
||||
out.server.Domain = datastore.Domain()
|
||||
out.server.TLSConfig = datastore.TLSConfig()
|
||||
|
||||
if submission {
|
||||
out.server.Addr = ":587"
|
||||
|
||||
@@ -2,20 +2,60 @@ package store
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
)
|
||||
|
||||
type Interface interface {
|
||||
Domain() string
|
||||
TLS() tls.Certificate
|
||||
TLSConfig() *tls.Config
|
||||
|
||||
SetDomain(string)
|
||||
SetTLS(tls.Certificate)
|
||||
}
|
||||
|
||||
func New(ctx context.Context, filename string) (Interface, error) {
|
||||
return &concrete{domain: "example.com"}, nil
|
||||
return &concrete{
|
||||
filename: filename,
|
||||
}, nil
|
||||
}
|
||||
|
||||
type concrete struct {
|
||||
filename string
|
||||
|
||||
// TODO: these will eventually be persisted to the file in `filename`
|
||||
domain string
|
||||
cert tls.Certificate
|
||||
}
|
||||
|
||||
func (c *concrete) Domain() string {
|
||||
return c.domain
|
||||
}
|
||||
|
||||
func (c *concrete) TLS() tls.Certificate {
|
||||
return c.cert
|
||||
}
|
||||
|
||||
func (c *concrete) TLSConfig() *tls.Config {
|
||||
return &tls.Config{
|
||||
GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
|
||||
certCopy := c.TLS()
|
||||
|
||||
return &certCopy, nil
|
||||
},
|
||||
|
||||
ServerName: c.Domain(),
|
||||
}
|
||||
}
|
||||
|
||||
func (c *concrete) SetDomain(domain string) {
|
||||
c.domain = domain
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
func (c *concrete) SetTLS(cert tls.Certificate) {
|
||||
c.cert = cert
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user