
Hack in command-line specification of domain, cert and key

master
Nick Thomas 2 years ago
parent
commit
bf1ca421aa
Signed by: lupine <me@ur.gs> GPG Key ID: 1F1A7ECCCFE0B92F
6 changed files with 107 additions and 8 deletions
  1. +2
    -0
      .gitignore
  2. +12
    -0
      README.md
  3. +33
    -0
      cmd/crockery/main.go
  4. +18
    -7
      internal/imap/server.go
  5. +1
    -0
      internal/smtp/server.go
  6. +41
    -1
      internal/store/store.go

+ 2
- 0
.gitignore View File

@@ -1,2 +1,4 @@
/crockery
/crockery.db
/cert
/key

+ 12
- 0
README.md View File

@@ -72,6 +72,18 @@ Probably other stuff. Email is big, and just keeps getting bigger.

## How

### Building a binary

```
$ go build ur.gs/crockery/cmd/crockery
$ sudo setcap 'cap_net_bind_service=+ep' ./crockery
```

The second step allows crockery to bind to the various low-numbered ports it
needs (25, 587, 149, 993) **without** running as root. Don't bother with it if
you're going to be running crockery as root, e.g., as a container or a single-
purpose system.

### Initialize a new database

```


+ 33
- 0
cmd/crockery/main.go View File

@@ -2,6 +2,8 @@ package main

import (
"context"
"crypto/tls"
"flag"
"log"
"os"
"os/signal"
@@ -10,7 +12,19 @@ import (
"ur.gs/crockery/internal/store"
)

var (
domain = flag.String("domain", "", "Domain to serve email for")
certFile = flag.String("cert", "", "Path to a PEM-encoded certificate bundle for TLS support")
keyFile = flag.String("key", "", "Path to a PEM-encoded key for TLS support")
)

func main() {
flag.Parse()

if *domain == "" {
log.Fatal("A domain must be specified on the command line (for now!)")
}

ctx, cancel := context.WithCancel(context.Background())

datastore, err := store.New(ctx, "crockery.db")
@@ -18,6 +32,25 @@ func main() {
log.Fatal("Couldn't open crockery.db:", err)
}

// FIXME: This will eventually come from the datastore itself, via `crockery init`
datastore.SetDomain(*domain)
log.Printf("Running as %s", datastore.Domain())

// FIXME: This will eventually come from the datastore itself, via ACME
if *certFile != "" || *keyFile != "" {
cert, err := tls.LoadX509KeyPair(*certFile, *keyFile)
if err != nil {
log.Fatalf("Couldn't setup TLS: %v", err)
}

if cert.PrivateKey == nil {
log.Fatal("No private key for TLS certificate")
}

datastore.SetTLS(cert)
log.Print("Successfully loaded TLS certificate and key")
}

srv, err := services.New(ctx, datastore)
if err != nil {
log.Fatal("Couldn't start services:", err)
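Review bot: The `||` on the `if *certFile != "" || *keyFile != ""` line lets a run with only one of `-cert`/`-key` reach tls.LoadX509KeyPair with an empty path, which then fails with an opaque `open : no such file or directory` instead of naming the missing flag. Requiring both up front is clearer: `if (*certFile == "") != (*keyFile == "") { log.Fatal("-cert and -key must be given together") }` followed by `if *certFile != "" {`. The `cert.PrivateKey == nil` check below it should be unreachable, since LoadX509KeyPair returns an error rather than a certificate without a parsed key, so it can go. With neither flag given the process still starts and the services receive a store with no certificate at all, which the later sections do not guard against; main continues outside this hunk.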


+ 18
- 7
internal/imap/server.go View File

@@ -19,11 +19,13 @@ type Server interface {

func NewServer(cancel context.CancelFunc, datastore store.Interface, starttls bool) Server {
out := &concrete{
cancel: cancel,
store: datastore,
cancel: cancel,
store: datastore,
starttls: starttls,
}

out.server = imapserver.New(out)
out.server.TLSConfig = out.store.TLSConfig()

if starttls {
out.server.Addr = ":143"
@@ -35,13 +37,22 @@ func NewServer(cancel context.CancelFunc, datastore store.Interface, starttls bo
}

type concrete struct {
cancel context.CancelFunc
store store.Interface
server *imapserver.Server
cancel context.CancelFunc
store store.Interface
server *imapserver.Server
starttls bool
}

func (c *concrete) Run() {
if err := c.server.ListenAndServe(); err != nil {
var err error

if c.starttls {
err = c.server.ListenAndServe()
} else {
err = c.server.ListenAndServeTLS()
}

if err != nil {
log.Printf("Error serving IMAP %s: %v", c.server.Addr, err)
} else {
log.Printf("Stopped listening on IMAP %s", c.server.Addr)
@@ -56,7 +67,7 @@ func (c *concrete) Login(string, string) (imapbackend.User, error) {
}

func (c *concrete) Close() error {
c.cancel() // FIXME: this doesn't touch the server
c.cancel() // FIXME: this doesn't touch the server

return nil
}
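Review bot: The new `else` branch in Run calls `c.server.ListenAndServeTLS()` without checking that a certificate was ever loaded; with no `-cert`/`-key` given, the store's GetCertificate hook hands every handshake an empty tls.Certificate, so the :993 listener comes up and then fails each client at handshake rather than failing at startup, and the :143 listener offers a STARTTLS upgrade that cannot complete. The same applies to the new `out.server.TLSConfig = datastore.TLSConfig()` line in internal/smtp/server.go. A guard before the call, `if !c.starttls && len(c.store.TLS().Certificate) == 0 { log.Printf("IMAP %s: no TLS certificate loaded, not starting", c.server.Addr); return }`, makes the misconfiguration visible when the service starts; having store.TLSConfig return nil when no certificate is set would cover both servers at once. Close still only cancels the context (see the FIXME on its first line), so the listener started here is not told to stop; Run's body continues outside this hunk.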

+ 1
- 0
internal/smtp/server.go View File

@@ -24,6 +24,7 @@ func NewServer(cancel context.CancelFunc, datastore store.Interface, submission

out.server = smtp.NewServer(out)
out.server.Domain = datastore.Domain()
out.server.TLSConfig = datastore.TLSConfig()

if submission {
out.server.Addr = ":587"


+ 41
- 1
internal/store/store.go View File

@@ -2,20 +2,60 @@ package store

import (
"context"
"crypto/tls"
)

type Interface interface {
Domain() string
TLS() tls.Certificate
TLSConfig() *tls.Config

SetDomain(string)
SetTLS(tls.Certificate)
}

func New(ctx context.Context, filename string) (Interface, error) {
return &concrete{domain: "example.com"}, nil
return &concrete{
filename: filename,
}, nil
}

type concrete struct {
filename string

// TODO: these will eventually be persisted to the file in `filename`
domain string
cert tls.Certificate
}

func (c *concrete) Domain() string {
return c.domain
}

func (c *concrete) TLS() tls.Certificate {
return c.cert
}

func (c *concrete) TLSConfig() *tls.Config {
return &tls.Config{
GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
certCopy := c.TLS()

return &certCopy, nil
},

ServerName: c.Domain(),
}
}

func (c *concrete) SetDomain(domain string) {
c.domain = domain

return
}

func (c *concrete) SetTLS(cert tls.Certificate) {
c.cert = cert

return
}
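Review bot: TLSConfig returns a config that looks usable even when SetTLS was never called — GetCertificate hands back a copy of the zero tls.Certificate — so the imap and smtp servers advertise TLS and then fail every handshake instead of reporting the missing certificate when they start. Returning nil when `len(c.cert.Certificate) == 0` lets the TLS listener behind the IMAP ListenAndServeTLS path reject the empty config at startup, and should stop STARTTLS being offered where no certificate exists. `ServerName` is documented as a client-side field that the server side of crypto/tls ignores, so setting it here has no effect; the name a client sends is already available through the ClientHelloInfo argument if per-name selection is ever needed. Pinning `MinVersion: tls.VersionTLS12` is worth adding while the config is built here. Separately, SetTLS and SetDomain write fields that the GetCertificate closure reads from handshake goroutines with no synchronization; today main calls the setters before the services start, so the race is latent, but the TODO about persisting these fields suggests that will change.
```go
func (c *concrete) TLSConfig() *tls.Config {
	// No certificate loaded: report "TLS not configured" rather than a config
	// whose every handshake fails.
	if len(c.cert.Certificate) == 0 {
		return nil
	}

	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
			certCopy := c.TLS()

			return &certCopy, nil
		},
	}
}
```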
