
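#!/bin/bash
# startup.sh - one-shot bootstrap for the hidden mail server.
#
# Steps, all relative to the repository root (the script cd's there first):
#   1. run a throw-away tor container once so it generates the hidden-service
#      keys and hostname under ./tor/data (skipped if a hostname already exists)
#   2. read the .onion hostname and build ./docker-mailserver/transport: our own
#      address is delivered locally, each "<pseudonym> <onion>" pair from
#      ./known_servers is routed via the smtptor transport, everything else is
#      discarded
#   3. create the storage-encryption key pair if missing
#   4. create the TLS CA/certificates if missing
#   5. docker compose up
#
# sudo is needed for a few operations on ./tor/data, which is chowned to
# uid:gid 100:100 so the tor container can use it. Every use of sudo is marked
# with a "!!! SUDO" comment so they are easy to audit.
set -euo pipefail

# All paths below are relative to the repository root, wherever this is run from.
cd -- "$(dirname -- "$0")"

readonly tor_hostname_file=./tor/data/docker-mailserver/hostname
readonly transport_file=./docker-mailserver/transport
readonly cert_dir=./docker-mailserver/certs
readonly known_servers_file=./known_servers
# Upper bound on how long to wait for the throw-away tor container to write
# its hostname file.
readonly tor_init_timeout_seconds=60

die() { printf 'startup.sh: %s\n' "$*" >&2; exit 1; }

# Create a dummy tor instance to generate keys and hostname if needed.
# !!! SUDO IS USED HERE TO SEE IF A FILE OWNED BY 100:100 IN THIS REPO EXISTS !!!
if ! sudo [ -e "$tor_hostname_file" ]; then
  echo "Setting up Tor hidden service..."
  mkdir -p ./tor/{config,data}
  # !!! SUDO IS USED HERE TO CHANGE THE OWNERSHIP OF TOR'S DATA DIRECTORY SO THAT IT CAN BE USED BY THE CONTAINER !!!
  sudo chown -R 100:100 ./tor/data
  docker run -d --rm --name tor -v ./tor/data:/var/lib/tor -v ./tor/config:/etc/tor dockurr/tor
  echo "Waiting for service to initialize..."
  # Poll for the hostname instead of a fixed 5 s sleep: on a slow host or a
  # cold image pull the file was not there yet and the rest of the script ran
  # with an empty address.
  waited=0
  # !!! SUDO IS USED HERE TO SEE IF A FILE OWNED BY 100:100 IN THIS REPO EXISTS !!!
  until sudo [ -s "$tor_hostname_file" ]; do
    if (( waited >= tor_init_timeout_seconds )); then
      docker stop tor || true
      die "tor did not create $tor_hostname_file within ${tor_init_timeout_seconds}s"
    fi
    sleep 1
    waited=$(( waited + 1 ))
  done
  docker stop tor
  echo "Finished setting up Tor hidden service."
else
  echo "Using existing Tor hidden service configuration."
fi

# Get hidden service address.
# !!! SUDO IS USED HERE TO READ THE ONION HOSTNAME FROM A FILE SET TO BE OWNED BY USER 100 IN THE PREVIOUS SECTION !!!
# TODO: Find a way to do this without sudo!
# Assignment is separate from 'export' so a failed read is not masked.
HIDDEN_SERVICE_ADDRESS="$(sudo cat "$tor_hostname_file")" || die "cannot read $tor_hostname_file"
# The hostname is a single base32 label ending in ".onion"; refuse anything
# else rather than writing it into the transport map and the certificate.
[[ "$HIDDEN_SERVICE_ADDRESS" =~ ^[a-z2-7]+\.onion$ ]] \
  || die "unexpected hidden service address: '$HIDDEN_SERVICE_ADDRESS'"
export HIDDEN_SERVICE_ADDRESS

# Generate transport maps.
echo "Creating transport map..."
# !!! SUDO IS USED HERE TO CLEAR ANY EXISTING TRANSPORT MAP (IT MAY BE ROOT-OWNED FROM AN EARLIER RUN) !!!
# !!! THIS IS THE LAST USE OF SUDO IN THIS SCRIPT !!!
sudo rm -f -- "$transport_file"
[[ -r "$known_servers_file" ]] \
  || die "missing $known_servers_file (one '<pseudonym> <onion>' pair per line)"
{
  # Mail for our own onion address is delivered locally.
  echo "$HIDDEN_SERVICE_ADDRESS smtp:[127.0.0.1]"
  # Every known peer is routed over the smtptor transport. Blank lines and
  # '#' comments are skipped; a line missing its onion is an error, because a
  # half-written entry would silently misroute mail. The '|| [[ -n ... ]]'
  # keeps a final line without a trailing newline.
  while read -r pseudonym onion || [[ -n "$pseudonym" ]]; do
    [[ -z "$pseudonym" || "$pseudonym" == \#* ]] && continue
    [[ -n "$onion" ]] || die "malformed line in $known_servers_file: '$pseudonym'"
    echo "$pseudonym smtptor:[$onion]"
  done < "$known_servers_file"
  # Anything not listed above is discarded.
  echo "* discard"
} > "$transport_file"
echo "Done creating transport map."

# Generate keys for encrypted storage if needed.
if ! [[ -e "$cert_dir/pubkey.pem" && -e "$cert_dir/privkey.pem" ]]; then
  echo "Creating encryption keys..."
  mkdir -p -- "$cert_dir"
  # umask 077 in a subshell so the private key is never group/world readable,
  # even briefly; the public key is written afterwards with the normal umask.
  # NOTE(review): assumes whatever consumes privkey.pem runs as this user or
  # as root - loosen the mode if it runs as another uid.
  (umask 077 && openssl ecparam -name prime256v1 -genkey | openssl pkey -out "$cert_dir/privkey.pem")
  openssl pkey -in "$cert_dir/privkey.pem" -pubout -out "$cert_dir/pubkey.pem"
  echo "Finished creating encryption keys."
else
  echo "Using existing encryption keys."
fi

# Generate SSL certificates if needed.
if ! [[ -e ./docker-mailserver/config/ssl/demoCA/cacert.pem ]]; then
  echo "Creating SSL certificates..."
  # Run in the foreground (no -d): detached, "Finished" was printed and
  # 'docker compose up' ran before the certificates existed.
  docker run --rm --user "$(id -u):$(id -g)" \
    -v ./docker-mailserver/config/ssl:/tmp/step-ca/ --workdir /tmp/step-ca \
    --entrypoint /tmp/step-ca/generate-certs.sh \
    -e HIDDEN_SERVICE_ADDRESS="$HIDDEN_SERVICE_ADDRESS" smallstep/step-ca
  echo "Finished creating SSL certificates."
else
  echo "Using existing SSL certificates."
fi

# Start the containers.
echo "Starting containers..."
docker compose up -d
echo "Finished starting containers."
printf 'Hidden service address: %s\n' "$HIDDEN_SERVICE_ADDRESS"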