Over-engineered play stack for infinidim.net — Stalwart wired into the shared Postgres + Redis + Garage S3 over the tailnet, with no WAN presence. Public mail ports are fronted by a separate caddy-l4 layer-4 proxy (caddy/) that can run on any tailnet host tagged tag:reverse-proxy — decoupled from the mailbox.

- docker-compose.yml: ts-stalwart sidecar + stalwart, backends via MagicDNS
- config/config.toml: PG (data/fts) + Redis (lookup) + S3 (blob) strawman
- caddy/: xcaddy build with caddy-l4, JSON layer-4 mail proxy, own compose
- acl-snippet.hujson: tag:stalwart owner + backend/edge grants
- .env.example + gitignored .env (pulled from shared infra)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
27 lines
870 B
YAML
# tailwart edge — the layer-4 mail proxy. Deploy this on ANY host with a public
# IP that is joined to the tailnet and tagged tag:reverse-proxy. It does not
# have to be the same machine as the Stalwart mailbox — that's the fun part.
#
#   docker compose up -d --build
#
# network_mode: host is deliberate: the proxy needs to bind the public mail
# ports AND resolve/reach ${STALWART_MAGIC_NAME}.${TS_TAILNET} via the host's
# tailscaled (MagicDNS). The mailbox container, by contrast, binds nothing on
# the host — opposite ends of the same wire.

name: tailwart-edge

services:
  caddy-l4:
    build: .
    image: tailwart-caddy:latest
    network_mode: host
    command: ["caddy", "run", "--config", "/etc/caddy/caddy.json"]
    volumes:
      - ./caddy.json:/etc/caddy/caddy.json:ro
      - caddy-data:/data
    restart: unless-stopped

volumes:
  caddy-data:
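A minimal caddy.json of the shape this compose file mounts at /etc/caddy/caddy.json, added here as an illustration and not the repository's own caddy.json: each caddy-l4 server binds one public mail port on the host and proxies the raw TCP stream to the mailbox over the tailnet. The upstream name `stalwart.example.ts.net` is a placeholder for ${STALWART_MAGIC_NAME}.${TS_TAILNET}, and the choice of ports (25, 465, 993) is an assumption.

```json
{
  "apps": {
    "layer4": {
      "servers": {
        "smtp": {
          "listen": [":25"],
          "routes": [
            { "handle": [ { "handler": "proxy",
              "upstreams": [ { "dial": ["stalwart.example.ts.net:25"] } ] } ] }
          ]
        },
        "submissions": {
          "listen": [":465"],
          "routes": [
            { "handle": [ { "handler": "proxy",
              "upstreams": [ { "dial": ["stalwart.example.ts.net:465"] } ] } ] }
          ]
        },
        "imaps": {
          "listen": [":993"],
          "routes": [
            { "handle": [ { "handler": "proxy",
              "upstreams": [ { "dial": ["stalwart.example.ts.net:993"] } ] } ] }
          ]
        }
      }
    }
  }
}
```

Because this is a byte-for-byte TCP passthrough with no TLS handler in the route, TLS still terminates at Stalwart, so the edge host never holds the mail certificate keys; the trade-off is that Stalwart sees the proxy's tailnet address rather than the client's, which matters for logging and rate limiting.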