lupine/crockery
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Hack in command-line specification of domain, cert and key

Browse Source
This commit is contained in:
Nick Thomas
2018-03-05 19:53:48 +00:00
parent 811b90224f
commit bf1ca421aa
6 changed files with 107 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -1,2 +1,4 @@
/crockery /crockery
/crockery.db /crockery.db
/cert
/key

12
README.md
View File

@@ -72,6 +72,18 @@ Probably other stuff. Email is big, and just keeps getting bigger.
## How ## How
### Building a binary
```
$ go build ur.gs/crockery/cmd/crockery
$ sudo setcap 'cap_net_bind_service=+ep' ./crockery
```
The second step allows crockery to bind to the various low-numbered ports it
needs (25, 587, 149, 993) **without** running as root. Don't bother with it if
you're going to be running crockery as root, e.g., as a container or a single-
purpose system.
### Initialize a new database ### Initialize a new database
``` ```

33
cmd/crockery/main.go
View File

@@ -2,6 +2,8 @@ package main
import ( import (
"context" "context"
"crypto/tls"
"flag"
"log" "log"
"os" "os"
"os/signal" "os/signal"
@@ -10,7 +12,19 @@ import (
"ur.gs/crockery/internal/store" "ur.gs/crockery/internal/store"
) )
var (
domain = flag.String("domain", "", "Domain to serve email for")
certFile = flag.String("cert", "", "Path to a PEM-encoded certificate bundle for TLS support")
keyFile = flag.String("key", "", "Path to a PEM-encoded key for TLS support")
)
func main() { func main() {
flag.Parse()
if *domain == "" {
log.Fatal("A domain must be specified on the command line (for now!)")
}
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
datastore, err := store.New(ctx, "crockery.db") datastore, err := store.New(ctx, "crockery.db")
@@ -18,6 +32,25 @@ func main() {
log.Fatal("Couldn't open crockery.db:", err) log.Fatal("Couldn't open crockery.db:", err)
} }
// FIXME: This will eventually come from the datastore itself, via `crockery init`
datastore.SetDomain(*domain)
log.Printf("Running as %s", datastore.Domain())
// FIXME: This will eventually come from the datastore itself, via ACME
if *certFile != "" || *keyFile != "" {
cert, err := tls.LoadX509KeyPair(*certFile, *keyFile)
if err != nil {
log.Fatalf("Couldn't setup TLS: %v", err)
}
if cert.PrivateKey == nil {
log.Fatal("No private key for TLS certificate")
}
datastore.SetTLS(cert)
log.Print("Successfully loaded TLS certificate and key")
}
srv, err := services.New(ctx, datastore) srv, err := services.New(ctx, datastore)
if err != nil { if err != nil {
log.Fatal("Couldn't start services:", err) log.Fatal("Couldn't start services:", err)

25
internal/imap/server.go
View File

@@ -19,11 +19,13 @@ type Server interface {
func NewServer(cancel context.CancelFunc, datastore store.Interface, starttls bool) Server { func NewServer(cancel context.CancelFunc, datastore store.Interface, starttls bool) Server {
out := &concrete{ out := &concrete{
cancel: cancel, cancel: cancel,
store: datastore, store: datastore,
starttls: starttls,
} }
out.server = imapserver.New(out) out.server = imapserver.New(out)
out.server.TLSConfig = out.store.TLSConfig()
if starttls { if starttls {
out.server.Addr = ":143" out.server.Addr = ":143"
@@ -35,13 +37,22 @@ func NewServer(cancel context.CancelFunc, datastore store.Interface, starttls bo
} }
type concrete struct { type concrete struct {
cancel context.CancelFunc cancel context.CancelFunc
store store.Interface store store.Interface
server *imapserver.Server server *imapserver.Server
starttls bool
} }
func (c *concrete) Run() { func (c *concrete) Run() {
if err := c.server.ListenAndServe(); err != nil { var err error
if c.starttls {
err = c.server.ListenAndServe()
} else {
err = c.server.ListenAndServeTLS()
}
if err != nil {
log.Printf("Error serving IMAP %s: %v", c.server.Addr, err) log.Printf("Error serving IMAP %s: %v", c.server.Addr, err)
} else { } else {
log.Printf("Stopped listening on IMAP %s", c.server.Addr) log.Printf("Stopped listening on IMAP %s", c.server.Addr)
@@ -56,7 +67,7 @@ func (c *concrete) Login(string, string) (imapbackend.User, error) {
} }
func (c *concrete) Close() error { func (c *concrete) Close() error {
c.cancel() // FIXME: this doesn't touch the server c.cancel() // FIXME: this doesn't touch the server
return nil return nil
} }

1
internal/smtp/server.go
View File

@@ -24,6 +24,7 @@ func NewServer(cancel context.CancelFunc, datastore store.Interface, submission
out.server = smtp.NewServer(out) out.server = smtp.NewServer(out)
out.server.Domain = datastore.Domain() out.server.Domain = datastore.Domain()
out.server.TLSConfig = datastore.TLSConfig()
if submission { if submission {
out.server.Addr = ":587" out.server.Addr = ":587"

42
internal/store/store.go
View File

@@ -2,20 +2,60 @@ package store
import ( import (
"context" "context"
"crypto/tls"
) )
type Interface interface { type Interface interface {
Domain() string Domain() string
TLS() tls.Certificate
TLSConfig() *tls.Config
SetDomain(string)
SetTLS(tls.Certificate)
} }
func New(ctx context.Context, filename string) (Interface, error) { func New(ctx context.Context, filename string) (Interface, error) {
return &concrete{domain: "example.com"}, nil return &concrete{
filename: filename,
}, nil
} }
type concrete struct { type concrete struct {
filename string
// TODO: these will eventually be persisted to the file in `filename`
domain string domain string
cert tls.Certificate
} }
func (c *concrete) Domain() string { func (c *concrete) Domain() string {
return c.domain return c.domain
} }
func (c *concrete) TLS() tls.Certificate {
return c.cert
}
func (c *concrete) TLSConfig() *tls.Config {
return &tls.Config{
GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
certCopy := c.TLS()
return &certCopy, nil
},
ServerName: c.Domain(),
}
}
func (c *concrete) SetDomain(domain string) {
c.domain = domain
return
}
func (c *concrete) SetTLS(cert tls.Certificate) {
c.cert = cert
return
}